Problem activating: Centos7 + Syslog-ng OSE + Elasticsearch + kibana
Hi group!
I installed a fresh CentOS 7 setup to use it in an initial log management Project.
I've made the procedures described at the wizard https://syslog-ng.com/blog/syslog-ng-and-elasticsearch-6-getting-started-on-rhelcentos/
All is fine, but at the moment of the creation of the es.conf file of this procedure, the syslog-ng service could not start anymore. If I remove the es.conf file, the syslog-ng service starts normally.
Can you help me with this problem?
P.S.: Sorry for my English
Best Regards!
Andre.
Hi Andre!
Can you start syslog-ng in foreground mode with debugging to find out what is the problem?
"/usr/sbin/syslog-ng -Fedv"
Regards,
Gabor
On Fri, Apr 6, 2018 at 1:29 PM, André Grehs <andre.grehs@bitcom.psi.br> wrote:
> Hi group!
> I installed a fresh CentOS 7 setup to use it in an initial log management Project.
> I've made the procedures described at the wizard https://syslog-ng.com/blog/syslog-ng-and-elasticsearch-6-getting-started-on-rhelcentos/
> All is fine, but at the moment of the creation of the es.conf file of this procedure, the syslog-ng service could not start anymore. If I remove the es.conf file, the syslog-ng service starts normally.
> Can you help me with this problem?
> P.S.: Sorry for my English
> Best Regards!
> Andre.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi Gabor, thank you for your support. Below is the output: [root@syslog conf.d]# /usr/sbin/syslog-ng -Fedv Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1' Global value changed; define='scl-root', value='/usr/share/syslog-ng/include/scl' Global value changed; define='include-path', value='/etc/syslog-ng:/usr/share/syslog-ng/include' Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' Module loaded and initialized successfully; module='system-source' Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' Reading path for candidate modules; path='//usr/lib64/syslog-ng' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='affile.so', module='affile' Registering candidate plugin; module='affile', context='source', name='file', preference='0' Registering candidate plugin; module='affile', context='source', name='pipe', preference='0' Registering candidate plugin; module='affile', context='destination', name='file', preference='0' Registering candidate plugin; module='affile', context='destination', name='pipe', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afprog.so', module='afprog' Registering candidate plugin; module='afprog', context='source', name='program', preference='0' Registering candidate plugin; module='afprog', context='destination', name='program', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket-notls.so', module='afsocket-notls' Registering candidate plugin; module='afsocket-notls', context='source', name='unix-stream', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-stream', preference='0' Registering candidate plugin; 
module='afsocket-notls', context='source', name='unix-dgram', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-dgram', preference='0' Registering candidate plugin; module='afsocket-notls', context='source', name='tcp', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp', preference='0' Registering candidate plugin; module='afsocket-notls', context='source', name='tcp6', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp6', preference='0' Registering candidate plugin; module='afsocket-notls', context='source', name='udp', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='udp', preference='0' Registering candidate plugin; module='afsocket-notls', context='source', name='udp6', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='udp6', preference='0' Registering candidate plugin; module='afsocket-notls', context='source', name='syslog', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='syslog', preference='0' Registering candidate plugin; module='afsocket-notls', context='source', name='network', preference='0' Registering candidate plugin; module='afsocket-notls', context='destination', name='network', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket-tls.so', module='afsocket-tls' Registering candidate plugin; module='afsocket-tls', context='source', name='unix-stream', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-stream', preference='100' Registering candidate plugin; module='afsocket-tls', context='source', name='unix-dgram', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-dgram', preference='100' 
Registering candidate plugin; module='afsocket-tls', context='source', name='tcp', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp', preference='100' Registering candidate plugin; module='afsocket-tls', context='source', name='tcp6', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp6', preference='100' Registering candidate plugin; module='afsocket-tls', context='source', name='udp', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='udp', preference='100' Registering candidate plugin; module='afsocket-tls', context='source', name='udp6', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='udp6', preference='100' Registering candidate plugin; module='afsocket-tls', context='source', name='syslog', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='syslog', preference='100' Registering candidate plugin; module='afsocket-tls', context='source', name='network', preference='100' Registering candidate plugin; module='afsocket-tls', context='destination', name='network', preference='100' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket.so', module='afsocket' Registering candidate plugin; module='afsocket', context='source', name='unix-stream', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='unix-stream', preference='100' Registering candidate plugin; module='afsocket', context='source', name='unix-dgram', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram', preference='100' Registering candidate plugin; module='afsocket', context='source', name='tcp', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='tcp', preference='100' Registering 
candidate plugin; module='afsocket', context='source', name='tcp6', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='tcp6', preference='100' Registering candidate plugin; module='afsocket', context='source', name='udp', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='udp', preference='100' Registering candidate plugin; module='afsocket', context='source', name='udp6', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='udp6', preference='100' Registering candidate plugin; module='afsocket', context='source', name='syslog', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='syslog', preference='100' Registering candidate plugin; module='afsocket', context='source', name='network', preference='100' Registering candidate plugin; module='afsocket', context='destination', name='network', preference='100' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afstomp.so', module='afstomp' Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afuser.so', module='afuser' Registering candidate plugin; module='afuser', context='destination', name='usertty', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='basicfuncs.so', module='basicfuncs' Registering candidate plugin; module='basicfuncs', context='template-func', name='grep', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='if', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='echo', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='length', preference='0' Registering candidate plugin; 
module='basicfuncs', context='template-func', name='substr', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='strip', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='+', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='-', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='*', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='/', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='%', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length', preference='0' Registering candidate plugin; module='basicfuncs', context='template-func', name='env', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='confgen.so', module='confgen' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='cryptofuncs.so', module='cryptofuncs' Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid', preference='0' Registering candidate plugin; module='cryptofuncs', context='template-func', 
name='hash', preference='0' Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1', preference='0' Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256', preference='0' Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512', preference='0' Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4', preference='0' Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='csvparser.so', module='csvparser' Registering candidate plugin; module='csvparser', context='parser', name='csv-parser', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='dbparser.so', module='dbparser' Registering candidate plugin; module='dbparser', context='parser', name='db-parser', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='linux-kmsg-format.so', module='linux-kmsg-format' Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='syslogformat.so', module='syslogformat' Registering candidate plugin; module='syslogformat', context='format', name='syslog', preference='0' Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser', preference='0' Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='system-source.so', module='system-source' Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' Module loaded and initialized successfully; module='confgen' Finishing include; 
filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
Module loaded and initialized successfully; module='afsocket-tls'
Module loaded and initialized successfully; module='affile'
Finishing include; content='source confgen system', depth='1'
Module loaded and initialized successfully; module='afuser'
Adding include file; filename='/etc/syslog-ng/conf.d/es.conf'
Starting to read include file; filename='/etc/syslog-ng/conf.d/es.conf', depth='1'
Error parsing destination, destination plugin elasticsearch2 not found in /etc/syslog-ng/conf.d/es.conf at line 5, column 3:

included from /etc/syslog-ng/syslog-ng.conf line 68, column 1

elasticsearch2 (
^^^^^^^^^^^^^^

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng

From: "Nagy, Gábor" <gabor.nagy@balabit.com>
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>
Sent: Friday, April 6, 2018 10:00:52
Subject: Re: [syslog-ng] Problem activating: Centos7 + Syslog-ng OSE + Elasticsearch + kibana
> Hi Andre!
> Can you start syslog-ng in foreground mode with debugging to find out what is the problem?
> "/usr/sbin/syslog-ng -Fedv"
> Regards,
> Gabor
Hello,
From the debug logs it looks to me that you have not installed *syslog-ng-java*. Otherwise it should be listed such as:
"Registering candidate plugin; module='java', context='destination', name='java', preference='0'"
Do you have the above mentioned package installed?
-- Kokan
On Fri, Apr 6, 2018 at 3:16 PM André F. Grehs <andre.grehs@bitcom.psi.br> wrote:
> Hi Gabor, thank you for your support.
> Below is the output:
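The check in the reply above (is a plugin from `module='java'` among the registered candidates, and which plugin does the parser report as missing?) can be run mechanically over the `-Fedv` output. This Python script is an added example, not part of the original thread or of syslog-ng; the sample log is constructed in the format of the output posted above, and the mapping from `elasticsearch2` to the `java` module and the `syslog-ng-java` package is an assumption taken from that reply.

```python
"""Explain "plugin ... not found" errors in `syslog-ng -Fedv` debug output."""
import re
import sys
from collections import defaultdict

# "Registering candidate plugin" messages as seen in the thread. \s* tolerates
# output that a terminal or a list archive has re-wrapped mid-message.
REGISTER_RE = re.compile(
    r"Registering candidate plugin;\s*module='([^']*)',\s*context='([^']*)',"
    r"\s*name='([^']*)',\s*preference='(\d+)'"
)
# The fatal message, e.g. "Error parsing destination, destination plugin
# elasticsearch2 not found in /etc/.../es.conf at line 5, column 3".
MISSING_RE = re.compile(
    r"Error parsing ([\w-]+),\s*([\w-]+) plugin (\S+) not found in (\S+)"
    r"\s+at line (\d+),\s*column (\d+)"
)

# Assumption taken from the reply in the thread: elasticsearch2() depends on
# the 'java' module, which ships in the syslog-ng-java package.
NEEDS_MODULE = {"elasticsearch2": ("java", "syslog-ng-java")}

# Constructed sample in the format of the posted output (one message wrapped).
SAMPLE = """\
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='affile.so', module='affile'
Registering candidate plugin; module='affile', context='destination', name='file', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp', preference='0' Registering candidate plugin;
module='afsocket-tls', context='destination', name='tcp', preference='100'
Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0'
Starting to read include file; filename='/etc/syslog-ng/conf.d/es.conf', depth='1'
Error parsing destination, destination plugin elasticsearch2 not found in /etc/syslog-ng/conf.d/es.conf at line 5, column 3:
"""


def registered_plugins(text):
    """Map (context, name) -> [(module, preference), ...], highest first."""
    found = defaultdict(list)
    for module, context, name, pref in REGISTER_RE.findall(text):
        found[(context, name)].append((module, int(pref)))
    for providers in found.values():
        providers.sort(key=lambda p: -p[1])
    return dict(found)


def diagnose(text):
    """Return one finding per 'plugin not found' error in the debug output."""
    plugins = registered_plugins(text)
    modules = {m for provs in plugins.values() for m, _ in provs}
    findings = []
    for _obj, context, name, path, line, col in MISSING_RE.findall(text):
        providers = plugins.get((context, name), [])
        needed = NEEDS_MODULE.get(name)
        if providers:
            hint = "plugin was registered; look for a module load error"
        elif needed and needed[0] not in modules:
            hint = (f"module '{needed[0]}' registered no plugins; "
                    f"is the {needed[1]} package installed?")
        elif needed:
            hint = (f"module '{needed[0]}' is registered; check "
                    "/etc/syslog-ng/scl.conf as suggested in the thread")
        else:
            names = sorted(n for (c, n) in plugins if c == context)
            hint = f"registered {context} plugins: {', '.join(names) or 'none'}"
        findings.append({
            "plugin": name, "context": context, "file": path,
            "line": int(line), "column": int(col),
            "required_module": needed[0] if needed else None,
            "hint": hint,
        })
    return findings


if __name__ == "__main__":
    # Pass a file holding captured debug output, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    results = diagnose(data)
    for f in results:
        print(f"{f['file']}:{f['line']}:{f['column']}: {f['context']} plugin "
              f"'{f['plugin']}' not found -> {f['hint']}")
    sys.exit(1 if results else 0)
```
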
Which version of syslog-ng are you using?
I guess the path for libjvm.so is set up correctly, you can check:
/usr/sbin/syslog-ng -V
Some help:
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Can you check the /etc/syslog-ng/scl.conf file please? Does it have this line?
@define java-module-dir "`module-install-dir`/java-modules"
Gabor
On Fri, Apr 6, 2018 at 3:49 PM, Kókai Péter <peter.kokai@balabit.com> wrote:
> Hello,
> From the debug logs it looks to me that you have not installed *syslog-ng-java*. Otherwise it should be listed such as:
> "Registering candidate plugin; module='java', context='destination', name='java', preference='0'"
> Do you have the above mentioned package installed?
> -- Kokan
Version:
[root@syslog conf.d]# /usr/sbin/syslog-ng -V
syslog-ng 3.5.6
Installer-Version: 3.5.6
Revision:
Compile-Date: Dec 30 2015 19:57:24
Available-Modules: affile,afprog,afsocket-notls,afsocket-tls,afsocket,afstomp,afuser,basicfuncs,confgen,cryptofuncs,csvparser,dbparser,linux-kmsg-format,syslogformat,system-source
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Pcre: on
Scl.conf
[root@syslog syslog-ng]# pwd
/etc/syslog-ng
[root@syslog syslog-ng]# grep '@define java-module-dir' scl.conf
[root@syslog syslog-ng]#
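The check described in the replies above (look in the `-Fedv` output for a registered destination plugin named java, and in the `-V` output for a Java module) can be scripted. This is an added example, not code from the thread or from the syslog-ng project; it assumes the message formats visible in the posted output, and the function names and the NEEDS_JAVA set are hypothetical.

```python
import re

# Patterns follow the debug and version output posted in this thread. search/findall
# are used so the text may be one entry per line, timestamp-prefixed, or run together.
PLUGIN_RE = re.compile(
    r"Registering candidate plugin; module='([^']*)', "
    r"context='([^']*)', name='([^']*)'")
MISSING_RE = re.compile(
    r"Error parsing ([\w-]+), [\w-]+ plugin (\S+) not found in (\S+) "
    r"at line (\d+), column (\d+)")
MODULES_RE = re.compile(r"Available-Modules:\s*(\S+)")

# Assumption taken from the diagnosis given in the thread: the elasticsearch2
# destination depends on the destination plugin named 'java' being registered.
NEEDS_JAVA = {"elasticsearch2"}


def registered_plugins(debug_text):
    """Map (context, name) -> sorted list of modules that offer that plugin."""
    found = {}
    for module, context, name in PLUGIN_RE.findall(debug_text):
        found.setdefault((context, name), set()).add(module)
    return {key: sorted(mods) for key, mods in found.items()}


def missing_plugin(debug_text):
    """Return details of the first 'plugin ... not found' error, or None."""
    m = MISSING_RE.search(debug_text)
    if m is None:
        return None
    return {"context": m.group(1), "plugin": m.group(2), "file": m.group(3),
            "line": int(m.group(4)), "column": int(m.group(5))}


def available_modules(version_text):
    """Split the Available-Modules list printed by `syslog-ng -V`."""
    m = MODULES_RE.search(version_text)
    return m.group(1).split(",") if m else []


def diagnose(debug_text, version_text=""):
    """Combine both outputs into a verdict about the failed start."""
    missing = missing_plugin(debug_text)
    java_registered = ("destination", "java") in registered_plugins(debug_text)
    java_listed = any("java" in mod for mod in available_modules(version_text))
    if missing is None:
        verdict = "no-missing-plugin-error"
    elif missing["plugin"] in NEEDS_JAVA and not java_registered:
        verdict = "java-destination-not-registered"
    else:
        verdict = "plugin-not-found"
    return {"verdict": verdict, "missing": missing,
            "java_destination_registered": java_registered,
            "java_module_listed": java_listed}


# Excerpt of the 3.5.6 debug output posted in the thread (a few lines only).
PLUGIN_LINES = [
    "Registering candidate plugin; module='affile', context='destination', name='file', preference='0'",
    "Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp', preference='0'",
    "Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp', preference='100'",
    "Registering candidate plugin; module='afsocket', context='destination', name='tcp', preference='100'",
]
ERROR_LINE = ("Error parsing destination, destination plugin elasticsearch2 not found "
              "in /etc/syslog-ng/conf.d/es.conf at line 5, column 3:")
DEBUG_EXCERPT = "\n".join(PLUGIN_LINES + [ERROR_LINE])

# Available-Modules line from the 3.5.6 `-V` output posted in the thread.
VERSION_356 = ("Available-Modules: affile,afprog,afsocket-notls,afsocket-tls,afsocket,"
               "afstomp,afuser,basicfuncs,confgen,cryptofuncs,csvparser,dbparser,"
               "linux-kmsg-format,syslogformat,system-source Enable-Debug: off")

# Constructed sample: the same plugin lines plus the registration line the reply
# says should be present when Java support is installed, and no parse error.
WITH_JAVA = "\n".join(PLUGIN_LINES + [
    "Registering candidate plugin; module='java', context='destination', name='java', preference='0'",
])

if __name__ == "__main__":
    print(diagnose(DEBUG_EXCERPT, VERSION_356))
    print(diagnose(WITH_JAVA))
```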
On Fri, Apr 06, 2018 at 10:56:35AM -0300, André Grehs wrote:
[root@syslog conf.d]# /usr/sbin/syslog-ng -V
syslog-ng 3.5.6
That's too old. You want the newer packages not from your regular yum repo: https://syslog-ng.com/3rd-party-binaries
Hi!
Removed and reinstalled again with the correct repo.
[root@syslog conf.d]# /usr/sbin/syslog-ng -V
syslog-ng 3 (3.14.1)
Config version: 3.14
Installer-Version: 3.14.1
Revision:
Compile-Date: Feb 28 2018 07:34:20
Module-Directory: //usr/lib64/syslog-ng
Module-Path: //usr/lib64/syslog-ng
Available-Modules: add-contextual-data,afamqp,affile,afprog,afsocket,afstomp,afuser,appmodel,basicfuncs,cef,confgen,cryptofuncs,csvparser,date,dbparser,disk-buffer,graphite,json-plugin,kvformat,linux-kmsg-format,map-value-pairs,pseudofile,sdjournal,snmptrapd-parser,stardate,syslogformat,system-source,tags-parser,tfgetent,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
Now the java module appears in scl.conf
[root@syslog syslog-ng]# grep '@define java-module-dir' scl.conf
@define java-module-dir "`module-install-dir`/java-modules"
[root@syslog syslog-ng]# java -version
openjdk version "1.8.0_161"
OpenJDK Runtime Environment (build 1.8.0_161-b14)
OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)
But the service is still not starting; below is the new output.
[root@syslog syslog-ng]# /usr/sbin/syslog-ng -Fedv [2018-04-06T11:12:32.179592] Systemd is detected as the running init system; [2018-04-06T11:12:32.182143] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-04-06T11:12:32.184121] Adding include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-04-06T11:12:32.184144] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-04-06T11:12:32.184165] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-04-06T11:12:32.184223] Adding include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-04-06T11:12:32.184245] Adding include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-04-06T11:12:32.184264] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-04-06T11:12:32.184284] Adding include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-04-06T11:12:32.184303] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-04-06T11:12:32.184323] Adding include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-04-06T11:12:32.184342] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-04-06T11:12:32.184361] Adding include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-04-06T11:12:32.184380] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-04-06T11:12:32.184400] Adding include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-04-06T11:12:32.184419] Adding include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' 
[2018-04-06T11:12:32.184439] Adding include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-04-06T11:12:32.184459] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-04-06T11:12:32.184485] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-04-06T11:12:32.184525] Adding include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-04-06T11:12:32.184546] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-04-06T11:12:32.184566] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-04-06T11:12:32.184586] Adding include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-04-06T11:12:32.184606] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-04-06T11:12:32.184626] Adding include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-04-06T11:12:32.184646] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-04-06T11:12:32.184666] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-04-06T11:12:32.184685] Adding include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-04-06T11:12:32.184730] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-04-06T11:12:32.213953] Registering candidate plugin; module='add-contextual-data', context='parser', name='add_contextual_data' [2018-04-06T11:12:32.214376] Registering candidate plugin; module='afamqp', context='destination', name='amqp' [2018-04-06T11:12:32.214467] Registering candidate plugin; module='affile', context='source', name='file' 
[2018-04-06T11:12:32.214500] Registering candidate plugin; module='affile', context='source', name='pipe' [2018-04-06T11:12:32.214521] Registering candidate plugin; module='affile', context='source', name='wildcard_file' [2018-04-06T11:12:32.214542] Registering candidate plugin; module='affile', context='source', name='stdin' [2018-04-06T11:12:32.214563] Registering candidate plugin; module='affile', context='destination', name='file' [2018-04-06T11:12:32.214584] Registering candidate plugin; module='affile', context='destination', name='pipe' [2018-04-06T11:12:32.214604] Registering candidate plugin; module='afprog', context='source', name='program' [2018-04-06T11:12:32.214625] Registering candidate plugin; module='afprog', context='destination', name='program' [2018-04-06T11:12:32.214646] Registering candidate plugin; module='afsocket', context='source', name='unix-stream' [2018-04-06T11:12:32.214667] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream' [2018-04-06T11:12:32.214688] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram' [2018-04-06T11:12:32.214761] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram' [2018-04-06T11:12:32.214808] Registering candidate plugin; module='afsocket', context='source', name='tcp' [2018-04-06T11:12:32.214835] Registering candidate plugin; module='afsocket', context='destination', name='tcp' [2018-04-06T11:12:32.214858] Registering candidate plugin; module='afsocket', context='source', name='tcp6' [2018-04-06T11:12:32.214879] Registering candidate plugin; module='afsocket', context='destination', name='tcp6' [2018-04-06T11:12:32.214908] Registering candidate plugin; module='afsocket', context='source', name='udp' [2018-04-06T11:12:32.214929] Registering candidate plugin; module='afsocket', context='destination', name='udp' [2018-04-06T11:12:32.214950] Registering candidate plugin; module='afsocket', context='source', 
name='udp6' [2018-04-06T11:12:32.214971] Registering candidate plugin; module='afsocket', context='destination', name='udp6' [2018-04-06T11:12:32.214992] Registering candidate plugin; module='afsocket', context='source', name='syslog' [2018-04-06T11:12:32.215013] Registering candidate plugin; module='afsocket', context='destination', name='syslog' [2018-04-06T11:12:32.215033] Registering candidate plugin; module='afsocket', context='source', name='network' [2018-04-06T11:12:32.215054] Registering candidate plugin; module='afsocket', context='destination', name='network' [2018-04-06T11:12:32.215076] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog' [2018-04-06T11:12:32.215542] Registering candidate plugin; module='afstomp', context='destination', name='stomp' [2018-04-06T11:12:32.215566] Registering candidate plugin; module='afuser', context='destination', name='usertty' [2018-04-06T11:12:32.215587] Registering candidate plugin; module='appmodel', context='root', name='application' [2018-04-06T11:12:32.215608] Registering candidate plugin; module='appmodel', context='parser', name='app-parser' [2018-04-06T11:12:32.215629] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep' [2018-04-06T11:12:32.215650] Registering candidate plugin; module='basicfuncs', context='template-func', name='if' [2018-04-06T11:12:32.215671] Registering candidate plugin; module='basicfuncs', context='template-func', name='or' [2018-04-06T11:12:32.215692] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-lookup' [2018-04-06T11:12:32.215719] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length' [2018-04-06T11:12:32.215740] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-values' [2018-04-06T11:12:32.215761] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo' 
[2018-04-06T11:12:32.215782] Registering candidate plugin; module='basicfuncs', context='template-func', name='length' [2018-04-06T11:12:32.215803] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr' [2018-04-06T11:12:32.215823] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip' [2018-04-06T11:12:32.215844] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize' [2018-04-06T11:12:32.215865] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase' [2018-04-06T11:12:32.215886] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase' [2018-04-06T11:12:32.215907] Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter' [2018-04-06T11:12:32.215928] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding' [2018-04-06T11:12:32.215949] Registering candidate plugin; module='basicfuncs', context='template-func', name='binary' [2018-04-06T11:12:32.215970] Registering candidate plugin; module='basicfuncs', context='template-func', name='dirname' [2018-04-06T11:12:32.215991] Registering candidate plugin; module='basicfuncs', context='template-func', name='basename' [2018-04-06T11:12:32.216012] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-concat' [2018-04-06T11:12:32.216033] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-head' [2018-04-06T11:12:32.216054] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-nth' [2018-04-06T11:12:32.216075] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-tail' [2018-04-06T11:12:32.216096] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-slice' [2018-04-06T11:12:32.216117] Registering candidate 
plugin; module='basicfuncs', context='template-func', name='list-count' [2018-04-06T11:12:32.216138] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-append' [2018-04-06T11:12:32.216159] Registering candidate plugin; module='basicfuncs', context='template-func', name='+' [2018-04-06T11:12:32.216180] Registering candidate plugin; module='basicfuncs', context='template-func', name='-' [2018-04-06T11:12:32.216225] Registering candidate plugin; module='basicfuncs', context='template-func', name='*' [2018-04-06T11:12:32.216247] Registering candidate plugin; module='basicfuncs', context='template-func', name='/' [2018-04-06T11:12:32.216318] Registering candidate plugin; module='basicfuncs', context='template-func', name='%' [2018-04-06T11:12:32.216410] Registering candidate plugin; module='basicfuncs', context='template-func', name='sum' [2018-04-06T11:12:32.216432] Registering candidate plugin; module='basicfuncs', context='template-func', name='min' [2018-04-06T11:12:32.216453] Registering candidate plugin; module='basicfuncs', context='template-func', name='max' [2018-04-06T11:12:32.216474] Registering candidate plugin; module='basicfuncs', context='template-func', name='average' [2018-04-06T11:12:32.216495] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int' [2018-04-06T11:12:32.216516] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line' [2018-04-06T11:12:32.216537] Registering candidate plugin; module='basicfuncs', context='template-func', name='env' [2018-04-06T11:12:32.216558] Registering candidate plugin; module='basicfuncs', context='template-func', name='template' [2018-04-06T11:12:32.216579] Registering candidate plugin; module='cef', context='template-func', name='format-cef-extension' [2018-04-06T11:12:32.216600] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid' [2018-04-06T11:12:32.216621] 
Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash' [2018-04-06T11:12:32.216641] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1' [2018-04-06T11:12:32.216662] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256' [2018-04-06T11:12:32.216683] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512' [2018-04-06T11:12:32.216704] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4' [2018-04-06T11:12:32.216725] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5' [2018-04-06T11:12:32.216746] Registering candidate plugin; module='csvparser', context='parser', name='csv-parser' [2018-04-06T11:12:32.216840] Registering candidate plugin; module='date', context='parser', name='date-parser' [2018-04-06T11:12:32.216863] Registering candidate plugin; module='dbparser', context='parser', name='db-parser' [2018-04-06T11:12:32.216885] Registering candidate plugin; module='dbparser', context='parser', name='grouping-by' [2018-04-06T11:12:32.216906] Registering candidate plugin; module='disk-buffer', context='inner-dest', name='disk_buffer' [2018-04-06T11:12:32.216927] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output' [2018-04-06T11:12:32.216948] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser' [2018-04-06T11:12:32.216969] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json' [2018-04-06T11:12:32.216990] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser' [2018-04-06T11:12:32.217011] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser' [2018-04-06T11:12:32.217033] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf' 
[2018-04-06T11:12:32.217054] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg' [2018-04-06T11:12:32.217075] Registering candidate plugin; module='map-value-pairs', context='parser', name='map_value_pairs' [2018-04-06T11:12:32.217101] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile' [2018-04-06T11:12:32.217123] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal' [2018-04-06T11:12:32.217144] Registering candidate plugin; module='snmptrapd-parser', context='parser', name='snmptrapd-parser' [2018-04-06T11:12:32.217166] Registering candidate plugin; module='stardate', context='template-func', name='stardate' [2018-04-06T11:12:32.217212] Registering candidate plugin; module='syslogformat', context='format', name='syslog' [2018-04-06T11:12:32.217235] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser' [2018-04-06T11:12:32.217256] Registering candidate plugin; module='system-source', context='source', name='system' [2018-04-06T11:12:32.217785] Registering candidate plugin; module='tags-parser', context='parser', name='tags-parser' [2018-04-06T11:12:32.217809] Registering candidate plugin; module='tfgetent', context='template-func', name='getent' [2018-04-06T11:12:32.217864] Registering candidate plugin; module='xml', context='parser', name='xml' [2018-04-06T11:12:32.219108] Finishing include; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-04-06T11:12:32.219296] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-04-06T11:12:32.223655] Module loaded and initialized successfully; module='appmodel' [2018-04-06T11:12:32.224233] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-04-06T11:12:32.224363] Starting to read include file; 
filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-04-06T11:12:32.225628] Module loaded and initialized successfully; module='json-plugin' [2018-04-06T11:12:32.226715] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-04-06T11:12:32.226802] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-04-06T11:12:32.227266] Finishing include; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-04-06T11:12:32.227342] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-04-06T11:12:32.227607] Finishing include; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-04-06T11:12:32.227686] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-04-06T11:12:32.228265] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-04-06T11:12:32.228345] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-04-06T11:12:32.229071] Finishing include; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-04-06T11:12:32.229151] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-04-06T11:12:32.229368] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-04-06T11:12:32.229440] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-04-06T11:12:32.230532] Module loaded and initialized successfully; module='basicfuncs' [2018-04-06T11:12:32.230652] Finishing include; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-04-06T11:12:32.230732] 
Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-04-06T11:12:32.230974] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-04-06T11:12:32.231046] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-04-06T11:12:32.231362] Finishing include; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-04-06T11:12:32.231445] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-04-06T11:12:32.231676] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-04-06T11:12:32.231758] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-04-06T11:12:32.233393] Module loaded and initialized successfully; module='confgen' [2018-04-06T11:12:32.233636] Finishing include; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-04-06T11:12:32.233740] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-04-06T11:12:32.234023] Finishing include; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-04-06T11:12:32.234104] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-04-06T11:12:32.234603] Finishing include; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-04-06T11:12:32.234686] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-04-06T11:12:32.234879] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-04-06T11:12:32.234969] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', 
depth='2' [2018-04-06T11:12:32.235157] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-04-06T11:12:32.235254] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-04-06T11:12:32.235626] Finishing include; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-04-06T11:12:32.235703] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-04-06T11:12:32.235885] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-04-06T11:12:32.235963] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-04-06T11:12:32.236179] Global value changed; define='balabit.credit-card-regexp', value='(:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})' [2018-04-06T11:12:32.236353] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-04-06T11:12:32.236433] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-04-06T11:12:32.236625] Finishing include; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-04-06T11:12:32.236700] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-04-06T11:12:32.236891] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-04-06T11:12:32.236969] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-04-06T11:12:32.237266] Finishing include; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-04-06T11:12:32.237343] Starting to read include file; 
filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-04-06T11:12:32.237621] Module loaded and initialized successfully; module='confgen' [2018-04-06T11:12:32.237667] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-04-06T11:12:32.237741] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-04-06T11:12:32.237906] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-04-06T11:12:32.237975] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-04-06T11:12:32.238169] Finishing include; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-04-06T11:12:32.239372] Global value changed; define='java-module-dir', value='//usr/lib64/syslog-ng/java-modules' [2018-04-06T11:12:32.239620] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-04-06T11:12:32.241686] Module loaded and initialized successfully; module='system-source' [2018-04-06T11:12:32.242605] Module loaded and initialized successfully; module='sdjournal' [2018-04-06T11:12:32.242905] Finishing include; content='parser generator app-parser', depth='2' [2018-04-06T11:12:32.244260] Module loaded and initialized successfully; module='kvformat' [2018-04-06T11:12:32.244364] Finishing include; content='parser generator iptables-parser', depth='3' [2018-04-06T11:12:32.245212] Module loaded and initialized successfully; module='csvparser' [2018-04-06T11:12:32.245414] Finishing include; content='parser generator sudo-parser', depth='3' [2018-04-06T11:12:32.245477] Finishing include; content='parser generator app-parser', depth='2' [2018-04-06T11:12:32.245542] Finishing include; content='source generator system', depth='1' [2018-04-06T11:12:32.246421] Module loaded and initialized successfully; module='affile' 
[2018-04-06T11:12:32.247513] Module loaded and initialized successfully; module='afuser'
[2018-04-06T11:12:32.248470] Adding include file; filename='/etc/syslog-ng/conf.d/es.conf', depth='1'
[2018-04-06T11:12:32.248519] Starting to read include file; filename='/etc/syslog-ng/conf.d/es.conf', depth='1'
Error parsing destination, destination plugin java not found in destination generator elasticsearch2 at line 2, column 3:
  included from /etc/syslog-ng/conf.d/es.conf line 11, column 3
  included from /etc/syslog-ng/syslog-ng.conf line 68, column 1

  java
  ^^^^

syslog-ng documentation: https://www.balabit.com/support/documentation?product=syslog-ng-ose
contact: https://lists.balabit.hu/mailman/listinfo/syslog-ng

-----Original message-----
From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On behalf of Fabien Wernli
Sent: Friday, April 6, 2018 11:02
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] RES: Problem activating: Centos7 + Syslog-ng OSE + Elasticsearch + kibana

On Fri, Apr 06, 2018 at 10:56:35AM -0300, André Grehs wrote:
[root@syslog conf.d]# /usr/sbin/syslog-ng -V
syslog-ng 3.5.6
That's too old. You want the newer packages not from your regular yum repo: https://syslog-ng.com/3rd-party-binaries
Hi,
Can you run syslog-ng again using the correct LD_LIBRARY_PATH? Just use this:
LD_LIBRARY_PATH=/path/to/the/directory/where/libjvm.so/is/located syslog-ng -Fdv
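One way to carry out the step above, as an added example that is not from the thread or the syslog-ng project: the helpers locate libjvm.so, refuse a library directory that group or others can write to (the daemon in this thread is started as root and will load whatever is found there), and build the variable without an empty element, which ld.so treats as the current working directory. The function names are hypothetical and /usr/lib/jvm as the search root is an assumption.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of syslog-ng.

# find_libjvm_dir ROOT
# Print the directory that holds the first libjvm.so found under ROOT.
find_libjvm_dir() (
    hit=$(find "$1" -type f -name libjvm.so 2>/dev/null | sort | head -n 1)
    [ -n "$hit" ] || exit 1
    dirname "$hit"
)

# is_loosely_writable PATH
# Succeeds when PATH is writable by group or by others.
is_loosely_writable() (
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
)

# append_lib_path CURRENT DIR
# Print CURRENT with DIR appended exactly once. Empty elements are dropped:
# "$LD_LIBRARY_PATH:/dir" with the variable unset yields ":/dir", and the
# empty first element makes the loader search the current directory.
append_lib_path() (
    dir=${2%/}
    out=
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for part in $1; do
        [ -n "$part" ] || continue
        [ "$part" = "$dir" ] && continue
        out=${out:+$out:}$part
    done
    printf '%s\n' "${out:+$out:}$dir"
)

# jvm_library_path ROOT CURRENT
# Print the value to use for LD_LIBRARY_PATH, or fail with a message.
jvm_library_path() (
    dir=$(find_libjvm_dir "$1") || {
        echo "libjvm.so not found under $1" >&2
        exit 1
    }
    if is_loosely_writable "$dir" || is_loosely_writable "$dir/libjvm.so"; then
        echo "refusing $dir: writable by group or others" >&2
        exit 2
    fi
    append_lib_path "$2" "$dir"
)

# Usage (search root is an assumption):
#   LD_LIBRARY_PATH=$(jvm_library_path /usr/lib/jvm "${LD_LIBRARY_PATH-}") syslog-ng -Fdv
```

Setting the variable on the command line, as in the usage comment, keeps it scoped to that one syslog-ng run instead of the whole root shell.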
Hi Fabien!
[root@syslog ~]# find / -name libjvm.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/amd64/server/libjvm.so
[root@syslog ~]# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/amd64/server/
[root@syslog ~]# set
[root@syslog ~]# syslog-ng -Fdv
[2018-04-09T10:55:53.853128] Systemd is detected as the running init system;
[2018-04-09T10:55:53.855345] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1'
[2018-04-09T10:55:53.857218] Adding include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2'
[2018-04-09T10:55:53.857242] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2'
[2018-04-09T10:55:53.857268] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
[2018-04-09T10:55:53.857287] Adding include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2'
[2018-04-09T10:55:53.857306] Adding include file;
filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.co nf', depth='2' [2018-04-09T10:55:53.857325] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-04-09T10:55:53.857344] Adding include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-04-09T10:55:53.857363] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-04-09T10:55:53.857381] Adding include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-04-09T10:55:53.857400] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-04-09T10:55:53.857419] Adding include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-04-09T10:55:53.857437] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-04-09T10:55:53.857456] Adding include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-04-09T10:55:53.857475] Adding include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-04-09T10:55:53.857495] Adding include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-04-09T10:55:53.857514] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-04-09T10:55:53.857568] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-04-09T10:55:53.857589] Adding include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-04-09T10:55:53.857608] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-04-09T10:55:53.857627] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-04-09T10:55:53.857666] 
Adding include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-04-09T10:55:53.857687] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-04-09T10:55:53.857707] Adding include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-04-09T10:55:53.857726] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-04-09T10:55:53.857745] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-04-09T10:55:53.857764] Adding include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-04-09T10:55:53.857800] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-04-09T10:55:53.886767] Registering candidate plugin; module='add-contextual-data', context='parser', name='add_contextual_data' [2018-04-09T10:55:53.886889] Registering candidate plugin; module='afamqp', context='destination', name='amqp' [2018-04-09T10:55:53.886930] Registering candidate plugin; module='affile', context='source', name='file' [2018-04-09T10:55:53.886952] Registering candidate plugin; module='affile', context='source', name='pipe' [2018-04-09T10:55:53.886972] Registering candidate plugin; module='affile', context='source', name='wildcard_file' [2018-04-09T10:55:53.886993] Registering candidate plugin; module='affile', context='source', name='stdin' [2018-04-09T10:55:53.887013] Registering candidate plugin; module='affile', context='destination', name='file' [2018-04-09T10:55:53.887033] Registering candidate plugin; module='affile', context='destination', name='pipe' [2018-04-09T10:55:53.887054] Registering candidate plugin; module='afprog', context='source', name='program' [2018-04-09T10:55:53.887074] Registering candidate plugin; module='afprog', context='destination', name='program' 
[2018-04-09T10:55:53.887094] Registering candidate plugin; module='afsocket', context='source', name='unix-stream' [2018-04-09T10:55:53.887115] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream' [2018-04-09T10:55:53.887135] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram' [2018-04-09T10:55:53.887175] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram' [2018-04-09T10:55:53.887197] Registering candidate plugin; module='afsocket', context='source', name='tcp' [2018-04-09T10:55:53.887218] Registering candidate plugin; module='afsocket', context='destination', name='tcp' [2018-04-09T10:55:53.887239] Registering candidate plugin; module='afsocket', context='source', name='tcp6' [2018-04-09T10:55:53.887260] Registering candidate plugin; module='afsocket', context='destination', name='tcp6' [2018-04-09T10:55:53.887280] Registering candidate plugin; module='afsocket', context='source', name='udp' [2018-04-09T10:55:53.887301] Registering candidate plugin; module='afsocket', context='destination', name='udp' [2018-04-09T10:55:53.887322] Registering candidate plugin; module='afsocket', context='source', name='udp6' [2018-04-09T10:55:53.887342] Registering candidate plugin; module='afsocket', context='destination', name='udp6' [2018-04-09T10:55:53.887363] Registering candidate plugin; module='afsocket', context='source', name='syslog' [2018-04-09T10:55:53.887384] Registering candidate plugin; module='afsocket', context='destination', name='syslog' [2018-04-09T10:55:53.887404] Registering candidate plugin; module='afsocket', context='source', name='network' [2018-04-09T10:55:53.887425] Registering candidate plugin; module='afsocket', context='destination', name='network' [2018-04-09T10:55:53.887446] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog' [2018-04-09T10:55:53.887523] Registering candidate plugin; module='afstomp', 
context='destination', name='stomp' [2018-04-09T10:55:53.887574] Registering candidate plugin; module='afuser', context='destination', name='usertty' [2018-04-09T10:55:53.888458] Registering candidate plugin; module='appmodel', context='root', name='application' [2018-04-09T10:55:53.888509] Registering candidate plugin; module='appmodel', context='parser', name='app-parser' [2018-04-09T10:55:53.888563] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep' [2018-04-09T10:55:53.888587] Registering candidate plugin; module='basicfuncs', context='template-func', name='if' [2018-04-09T10:55:53.889081] Registering candidate plugin; module='basicfuncs', context='template-func', name='or' [2018-04-09T10:55:53.889103] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-lookup' [2018-04-09T10:55:53.889124] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length' [2018-04-09T10:55:53.889145] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-values' [2018-04-09T10:55:53.889172] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo' [2018-04-09T10:55:53.889193] Registering candidate plugin; module='basicfuncs', context='template-func', name='length' [2018-04-09T10:55:53.889214] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr' [2018-04-09T10:55:53.889234] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip' [2018-04-09T10:55:53.889255] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize' [2018-04-09T10:55:53.889276] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase' [2018-04-09T10:55:53.889297] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase' [2018-04-09T10:55:53.889318] Registering candidate 
plugin; module='basicfuncs', context='template-func', name='replace-delimiter' [2018-04-09T10:55:53.889339] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding' [2018-04-09T10:55:53.889360] Registering candidate plugin; module='basicfuncs', context='template-func', name='binary' [2018-04-09T10:55:53.889381] Registering candidate plugin; module='basicfuncs', context='template-func', name='dirname' [2018-04-09T10:55:53.889402] Registering candidate plugin; module='basicfuncs', context='template-func', name='basename' [2018-04-09T10:55:53.889423] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-concat' [2018-04-09T10:55:53.889444] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-head' [2018-04-09T10:55:53.889465] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-nth' [2018-04-09T10:55:53.889486] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-tail' [2018-04-09T10:55:53.889507] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-slice' [2018-04-09T10:55:53.889528] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-count' [2018-04-09T10:55:53.889579] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-append' [2018-04-09T10:55:53.889600] Registering candidate plugin; module='basicfuncs', context='template-func', name='+' [2018-04-09T10:55:53.889627] Registering candidate plugin; module='basicfuncs', context='template-func', name='-' [2018-04-09T10:55:53.889648] Registering candidate plugin; module='basicfuncs', context='template-func', name='*' [2018-04-09T10:55:53.889669] Registering candidate plugin; module='basicfuncs', context='template-func', name='/' [2018-04-09T10:55:53.889689] Registering candidate plugin; module='basicfuncs', context='template-func', name='%' 
[2018-04-09T10:55:53.889711] Registering candidate plugin; module='basicfuncs', context='template-func', name='sum' [2018-04-09T10:55:53.889809] Registering candidate plugin; module='basicfuncs', context='template-func', name='min' [2018-04-09T10:55:53.889856] Registering candidate plugin; module='basicfuncs', context='template-func', name='max' [2018-04-09T10:55:53.889878] Registering candidate plugin; module='basicfuncs', context='template-func', name='average' [2018-04-09T10:55:53.889899] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int' [2018-04-09T10:55:53.889920] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line' [2018-04-09T10:55:53.889941] Registering candidate plugin; module='basicfuncs', context='template-func', name='env' [2018-04-09T10:55:53.889962] Registering candidate plugin; module='basicfuncs', context='template-func', name='template' [2018-04-09T10:55:53.889983] Registering candidate plugin; module='cef', context='template-func', name='format-cef-extension' [2018-04-09T10:55:53.890005] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid' [2018-04-09T10:55:53.890026] Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash' [2018-04-09T10:55:53.890047] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1' [2018-04-09T10:55:53.890068] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256' [2018-04-09T10:55:53.890089] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512' [2018-04-09T10:55:53.890110] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4' [2018-04-09T10:55:53.890131] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5' [2018-04-09T10:55:53.890152] Registering candidate plugin; module='csvparser', 
context='parser', name='csv-parser' [2018-04-09T10:55:53.890211] Registering candidate plugin; module='date', context='parser', name='date-parser' [2018-04-09T10:55:53.890233] Registering candidate plugin; module='dbparser', context='parser', name='db-parser' [2018-04-09T10:55:53.890254] Registering candidate plugin; module='dbparser', context='parser', name='grouping-by' [2018-04-09T10:55:53.890275] Registering candidate plugin; module='disk-buffer', context='inner-dest', name='disk_buffer' [2018-04-09T10:55:53.890297] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output' [2018-04-09T10:55:53.890318] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser' [2018-04-09T10:55:53.890339] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json' [2018-04-09T10:55:53.890410] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser' [2018-04-09T10:55:53.890460] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser' [2018-04-09T10:55:53.890482] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf' [2018-04-09T10:55:53.890504] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg' [2018-04-09T10:55:53.890603] Registering candidate plugin; module='map-value-pairs', context='parser', name='map_value_pairs' [2018-04-09T10:55:53.890631] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile' [2018-04-09T10:55:53.890653] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal' [2018-04-09T10:55:53.890674] Registering candidate plugin; module='snmptrapd-parser', context='parser', name='snmptrapd-parser' [2018-04-09T10:55:53.890696] Registering candidate plugin; module='stardate', context='template-func', name='stardate' [2018-04-09T10:55:53.890717] 
Registering candidate plugin; module='syslogformat', context='format', name='syslog' [2018-04-09T10:55:53.890738] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser' [2018-04-09T10:55:53.890759] Registering candidate plugin; module='system-source', context='source', name='system' [2018-04-09T10:55:53.890780] Registering candidate plugin; module='tags-parser', context='parser', name='tags-parser' [2018-04-09T10:55:53.890801] Registering candidate plugin; module='tfgetent', context='template-func', name='getent' [2018-04-09T10:55:53.890878] Registering candidate plugin; module='xml', context='parser', name='xml' [2018-04-09T10:55:53.892156] Finishing include; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-04-09T10:55:53.892312] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-04-09T10:55:53.894597] Module loaded and initialized successfully; module='appmodel' [2018-04-09T10:55:53.894769] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-04-09T10:55:53.894844] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-04-09T10:55:53.898198] Module loaded and initialized successfully; module='json-plugin' [2018-04-09T10:55:53.899834] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-04-09T10:55:53.899929] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-04-09T10:55:53.900460] Finishing include; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-04-09T10:55:53.900558] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.co nf', depth='2' [2018-04-09T10:55:53.900830] Finishing include; 
filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.co nf', depth='2' [2018-04-09T10:55:53.900901] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-04-09T10:55:53.901448] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-04-09T10:55:53.901520] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-04-09T10:55:53.902210] Finishing include; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-04-09T10:55:53.902282] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-04-09T10:55:53.902468] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-04-09T10:55:53.902577] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-04-09T10:55:53.903751] Module loaded and initialized successfully; module='basicfuncs' [2018-04-09T10:55:53.903875] Finishing include; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-04-09T10:55:53.903947] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-04-09T10:55:53.904188] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-04-09T10:55:53.904283] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-04-09T10:55:53.904525] Finishing include; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-04-09T10:55:53.904625] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-04-09T10:55:53.904858] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' 
[2018-04-09T10:55:53.904935] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-04-09T10:55:53.905946] Module loaded and initialized successfully; module='confgen' [2018-04-09T10:55:53.906075] Finishing include; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-04-09T10:55:53.906160] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-04-09T10:55:53.906424] Finishing include; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-04-09T10:55:53.906496] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-04-09T10:55:53.906924] Finishing include; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-04-09T10:55:53.907003] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-04-09T10:55:53.907183] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-04-09T10:55:53.907253] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-04-09T10:55:53.907441] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-04-09T10:55:53.907511] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-04-09T10:55:53.907833] Finishing include; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-04-09T10:55:53.907903] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-04-09T10:55:53.908079] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-04-09T10:55:53.908155] Starting to read include file; 
filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-04-09T10:55:53.908354] Global value changed; define='balabit.credit-card-regexp', value='(:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{1 2}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})' [2018-04-09T10:55:53.908484] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-04-09T10:55:53.908592] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-04-09T10:55:53.908789] Finishing include; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-04-09T10:55:53.908859] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-04-09T10:55:53.909047] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-04-09T10:55:53.909116] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-04-09T10:55:53.909355] Finishing include; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-04-09T10:55:53.909425] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-04-09T10:55:53.909715] Module loaded and initialized successfully; module='confgen' [2018-04-09T10:55:53.909760] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-04-09T10:55:53.909830] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-04-09T10:55:53.909993] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-04-09T10:55:53.910062] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' 
[2018-04-09T10:55:53.910257] Finishing include; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2'
[2018-04-09T10:55:53.910340] Global value changed; define='java-module-dir', value='//usr/lib64/syslog-ng/java-modules'
[2018-04-09T10:55:53.910387] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
[2018-04-09T10:55:53.911091] Module loaded and initialized successfully; module='system-source'
[2018-04-09T10:55:53.911943] Module loaded and initialized successfully; module='sdjournal'
[2018-04-09T10:55:53.912190] Finishing include; content='parser generator app-parser', depth='2'
[2018-04-09T10:55:53.913427] Module loaded and initialized successfully; module='kvformat'
[2018-04-09T10:55:53.913513] Finishing include; content='parser generator iptables-parser', depth='3'
[2018-04-09T10:55:53.915941] Module loaded and initialized successfully; module='csvparser'
[2018-04-09T10:55:53.916245] Finishing include; content='parser generator sudo-parser', depth='3'
[2018-04-09T10:55:53.916311] Finishing include; content='parser generator app-parser', depth='2'
[2018-04-09T10:55:53.916398] Finishing include; content='source generator system', depth='1'
[2018-04-09T10:55:53.917303] Module loaded and initialized successfully; module='affile'
[2018-04-09T10:55:53.918437] Module loaded and initialized successfully; module='afuser'
[2018-04-09T10:55:53.919406] Adding include file; filename='/etc/syslog-ng/conf.d/es.conf', depth='1'
[2018-04-09T10:55:53.919445] Starting to read include file; filename='/etc/syslog-ng/conf.d/es.conf', depth='1'
Error parsing destination, destination plugin java not found in destination generator elasticsearch2 at line 2, column 3:

included from /etc/syslog-ng/conf.d/es.conf line 11, column 3
included from /etc/syslog-ng/syslog-ng.conf line 68, column 1

java
^^^^

syslog-ng documentation: https://www.balabit.com/support/documentation?product=syslog-ng-ose
contact: https://lists.balabit.hu/mailman/listinfo/syslog-ng

-----Original message-----
From: Fabien Wernli [mailto:wernli@in2p3.fr]
Sent: Saturday, April 7, 2018 09:06
To: André Grehs <andre.grehs@bitcom.psi.br>
Cc: 'Syslog-ng users' and developers' mailing list' <syslog-ng@lists.balabit.hu>
Subject: Re: RES: [syslog-ng] RES: Problem activating: Centos7 + Syslog-ng OSE + Elasticsearch + kibana

Hi,
Can you run syslog-ng again using the correct LD_LIBRARY_PATH? Just use this:
LD_LIBRARY_PATH=/path/to/the/directory/where/libjvm.so/is/located syslog-ng -Fdv
Hi André!
From an earlier message of yours, java still doesn't appear as being installed on your system:
/usr/sbin/syslog-ng -V
Did you install the extra syslog-ng-java package?
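
The two checks suggested in this thread (is the Java module listed by syslog-ng -V, and which directory holds libjvm.so for LD_LIBRARY_PATH), as an added shell example that is not part of the original messages. It assumes that syslog-ng -V prints a comma-separated "Available-Modules:" line naming the Java module mod-java and that /usr/lib/jvm is the default place to look for a JVM; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage for "destination plugin java not found".
# Assumption: `syslog-ng -V` prints a comma-separated "Available-Modules:"
# line and lists the Java destination support as "mod-java".

# Read `syslog-ng -V` output on stdin; succeed if the Java module is listed.
has_java_module() {
    sed -n 's/^Available-Modules:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'mod-java'
}

# Print the directory that holds libjvm.so below the root given as $1.
# Matches are sorted so the choice is deterministic when several JVMs exist.
find_libjvm_dir() {
    hit=$(find "$1" -name 'libjvm.so' 2>/dev/null | sort | head -n 1)
    [ -n "$hit" ] || return 1
    dirname "$hit"
}

# diagnose VERSION_TEXT JVM_ROOT
# Prints one verdict line; returns 0 (ok), 1 (module missing), 2 (no JVM).
diagnose() {
    if ! printf '%s\n' "$1" | has_java_module; then
        echo "no-java-module: install the syslog-ng-java package"
        return 1
    fi
    if ! dir=$(find_libjvm_dir "$2"); then
        echo "no-libjvm: libjvm.so not found under $2"
        return 2
    fi
    # The command line to retry with, as suggested in the thread.
    echo "ok: LD_LIBRARY_PATH=$dir syslog-ng -Fdv"
}

# Run against the local installation only when asked to:
#   sh check-java.sh --run [jvm-root]
if [ "${1:-}" = "--run" ]; then
    diagnose "$(syslog-ng -V 2>&1)" "${2:-/usr/lib/jvm}"
fi
```
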
participants (5)
- André F. Grehs
- André Grehs
- Fabien Wernli
- Kókai Péter
- Nagy, Gábor