Greetings, I don't know if this is the right place to ask this question, but I will give it a shot. We are running a syslog-ng server and we want to use Kibana as a visualization tool. I got stuck at this point when configuring the conf.d file:

    source s_tcp {
        tcp(ip("0.0.0.0") port("514"));
        udp(ip("0.0.0.0") port("514"));
    };

    destination d_el {
        elasticsearch2(
            client-mode("http")
            index("syslog-ng")
            type("test")
            cluster-url(http://10.1.3.222:9200)
        );
        #file("/var/log/networks/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY.log");
    };

    log {
        source(s_tcp);
        destination(d_el);
        flags(flow-control);
    };

If I start the syslog-ng daemon, I get the error below:

    Apr 04 11:54:42 syslog-ng syslog-ng[22294]: [2022-04-04T11:54:42.443764] Plugin module not found in 'module-path'; module-path='/usr/lib/syslog-ng/3.13', module='mod-java'
    Apr 04 11:54:42 syslog-ng syslog-ng[22294]: Error parsing destination, destination plugin elasticsearch2 not found in /etc/syslog-ng/conf.d/firewals.conf at line 10, column
    Apr 04 11:54:42 syslog-ng syslog-ng[22294]: included from /etc/syslog-ng/syslog-ng.conf line 163, column 1
    Apr 04 11:54:42 syslog-ng syslog-ng[22294]:         elasticsearch2(
    Apr 04 11:54:42 syslog-ng syslog-ng[22294]:         ^^^^^^^^^^^^^^
    Apr 04 11:54:42 syslog-ng syslog-ng[22294]: syslog-ng documentation: https://www.balabit.com/support/documentation?product=syslog-ng-ose
    Apr 04 11:54:42 syslog-ng syslog-ng[22294]: contact: https://lists.balabit.hu/mailman/listinfo/syslog-ng
    Apr 04 11:54:42 syslog-ng systemd[1]: syslog-ng.service: Main process exited, code=exited, status=1/FAILURE
    Apr 04 11:54:42 syslog-ng systemd[1]: syslog-ng.service: Failed with result 'exit-code'.
    Apr 04 11:54:42 syslog-ng systemd[1]: Failed to start System Logger Daemon.
    -- Subject: Unit syslog-ng.service has failed

I am running 3.13 (syslog-ng) and what did I miss?
Hi Ethan,

On Mon, Apr 04, 2022 at 04:22:57PM +0000, Park, Ethan wrote:

> I am running 3.13 (syslog-ng) and what did I miss?
Is there any chance you could use a more recent version of syslog-ng? The problem is that the elasticsearch2() destination is deprecated, as you should now use the elasticsearch-http() destination, available only since syslog-ng 3.21. If you insist, we can try to help, but it would be a much better solution for you to upgrade.

Cheers,
Fabien
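For reference, here is what Ethan's configuration looks like once rewritten around the elasticsearch-http() destination Fabien recommends. This is an added illustration, not a configuration from the thread or from the syslog-ng project; it assumes syslog-ng 3.21 or later with scl.conf included, keeps the original listener and Elasticsearch address, and the user(), password() and tls() options (with placeholder values to replace) are assumptions based on the http() driver that elasticsearch-http() is built on.

```conf
@version: 3.21
@include "scl.conf"

# Same listener as in the original post: TCP and UDP syslog on port 514.
# Network syslog carries no authentication, so limit which hosts can reach
# this port at the host or network firewall; the source itself cannot.
source s_tcp {
    tcp(ip("0.0.0.0") port("514"));
    udp(ip("0.0.0.0") port("514"));
};

# elasticsearch-http() replaces the Java-based elasticsearch2() driver, so
# mod-java is no longer required. It posts documents to the _bulk endpoint.
destination d_el {
    elasticsearch-http(
        # Original host from the post; scheme changed from http to https so
        # log data is not shipped in the clear.
        url("https://10.1.3.222:9200/_bulk")
        index("syslog-ng")
        # Elasticsearch 7+ rejects custom mapping types such as the original
        # type("test"); "_doc" is the accepted value there.
        type("_doc")
        # Build one JSON document per message from the parsed syslog fields.
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE @timestamp=${ISODATE})")
        # Assumed placeholders: authenticate to Elasticsearch instead of
        # writing to an open cluster, and verify its certificate.
        user("ELASTIC_USER_PLACEHOLDER")
        password("ELASTIC_PASSWORD_PLACEHOLDER")
        tls(ca-file("/etc/syslog-ng/ca.crt") peer-verify(yes))
    );
};

log {
    source(s_tcp);
    destination(d_el);
    flags(flow-control);
};
```

Running `syslog-ng --syntax-only` after the change confirms the destination parses without mod-java before the daemon is restarted.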