Java issue with elasticsearch
Good day all, I'm new to this mailing list. I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost") Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200") Any help is welcome. Thanks.
Hi Komi! You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed? You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination: https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n... Feel free to ask if you got stuck! Regards, Gabor On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/s cl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/ lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/ opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation. https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/ Regards, Gabor On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination: https://syslog-ng.com/documents/html/syslog-ng-ose- latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations- elasticsearch2.html
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/s cl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/ lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/o pt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, Make sure that your LD_LIBRARY_PATH envvar (or ld.so.conf) contains a path to libjvm.so. There are good examples for this in the previously mentioned blog post. -- László Várady On Fri, May 25, 2018 at 12:20 PM Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination:
https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n...
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Thank you Gabor, Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread). After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command: Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183 I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors. Regards, Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com <mailto:gabor.nagy@balabit.com>> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination: https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n... <https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html>
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com <mailto:kmw.elitcha@gmail.com>> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200 <http://localhost:9200>")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Oups... Additionally, i'm getting an error saying that syslog-ng-core in not configured yet. I hope i didn't miss anything. Thanks. Le 25/05/2018 à 18:39, Komi Elitcha a écrit :
Thank you Gabor,
Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).
After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:
Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183
I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.
Regards,
Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com <mailto:gabor.nagy@balabit.com>> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination: https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n... <https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html>
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com <mailto:kmw.elitcha@gmail.com>> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200 <http://localhost:9200>")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
______________________________________________________________________________ Member info:https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
Hello, You probably have a '\r' carriage return in your configuration, that is not supported. Remove it and it should work :) -- Kokan On Fri, May 25, 2018 at 8:59 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Oups...
Additionally, i'm getting an error saying that syslog-ng-core in not configured yet.
I hope i didn't miss anything.
Thanks.
Le 25/05/2018 à 18:39, Komi Elitcha a écrit :
Thank you Gabor,
Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).
After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:
Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183
I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.
Regards,
Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination:
https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n...
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hello Kokan, I double checked inside '/etc/syslog-ng/syslog-ng.conf' file and i don't have any '\r' carriage. Are you pointing me to another conf file? Regards, Le 25/05/2018 à 19:10, Kókai Péter a écrit :
Hello,
You probably have a '\r' carriage return in your configuration, that is not supported. Remove it and it should work :)
-- Kokan
On Fri, May 25, 2018 at 8:59 PM Komi Elitcha <kmw.elitcha@gmail.com <mailto:kmw.elitcha@gmail.com>> wrote:
Oups...
Additionally, i'm getting an error saying that syslog-ng-core in not configured yet.
I hope i didn't miss anything.
Thanks.
Le 25/05/2018 à 18:39, Komi Elitcha a écrit :
Thank you Gabor,
Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).
After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:
Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183
I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.
Regards,
Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com <mailto:gabor.nagy@balabit.com>> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination: https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n...
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com <mailto:kmw.elitcha@gmail.com>> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info:https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
Hello, Would it be possible to share your configuration file as an attachment, or upload somewhere ? The error message indicates that the parser reached the end of the file(of course it is not), but it requires the ';' to close the previous block. It also points to the place where it found the file end. 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ Removing that empty line might also help. (It points to the empty line and not to the log) -- Kokan On Fri, May 25, 2018 at 9:42 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Hello Kokan,
I double checked inside '/etc/syslog-ng/syslog-ng.conf' file and i don't have any '\r' carriage.
Are you pointing me to another conf file?
Regards,
Le 25/05/2018 à 19:10, Kókai Péter a écrit :
Hello,
You probably have a '\r' carriage return in your configuration, that is not supported. Remove it and it should work :)
-- Kokan
On Fri, May 25, 2018 at 8:59 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Oups...
Additionally, i'm getting an error saying that syslog-ng-core in not configured yet.
I hope i didn't miss anything.
Thanks.
Le 25/05/2018 à 18:39, Komi Elitcha a écrit :
Thank you Gabor,
Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).
After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:
Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183
I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.
Regards,
Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination:
https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n...
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
Kokan, Please see attached. Furthermore, the "log {---}" syntax is the one provided from install; i didn't modify it. Regards, Le 25/05/2018 à 19:52, Kókai Péter a écrit :
Hello,
Would it be possible to share your configuration file as an attachment, or upload somewhere ?
The error message indicates that the parser reached the end of the file(of course it is not), but it requires the ';' to close the previous block. It also points to the place where it found the file end.
177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^
Removing that empty line might also help. (It points to the empty line and not to the log)
-- Kokan
On Fri, May 25, 2018 at 9:42 PM Komi Elitcha <kmw.elitcha@gmail.com <mailto:kmw.elitcha@gmail.com>> wrote:
Hello Kokan,
I double checked inside '/etc/syslog-ng/syslog-ng.conf' file and i don't have any '\r' carriage.
Are you pointing me to another conf file?
Regards,
Le 25/05/2018 à 19:10, Kókai Péter a écrit :
Hello,
You probably have a '\r' carriage return in your configuration, that is not supported. Remove it and it should work :)
-- Kokan
On Fri, May 25, 2018 at 8:59 PM Komi Elitcha <kmw.elitcha@gmail.com <mailto:kmw.elitcha@gmail.com>> wrote:
Oups...
Additionally, i'm getting an error saying that syslog-ng-core in not configured yet.
I hope i didn't miss anything.
Thanks.
Le 25/05/2018 à 18:39, Komi Elitcha a écrit :
Thank you Gabor,
Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).
After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:
Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183
I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.
Regards,
Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com <mailto:gabor.nagy@balabit.com>> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination: https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n...
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com <mailto:kmw.elitcha@gmail.com>> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info:https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info:https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
-- -- KE
Hello, I have tried to reproduce your issue with the included configuration file, but it did not cause me the same trouble. If by any chance you have syslog-ng compiled with debug enabled, in that case you can start with an additional flag: '-y' to debug the grammar parser. (If yes, please share the result of that debug.) (With -V flag you can determine if it is compiled with debug: syslog-ng -V) If the debug mode is not possible you can still pinpoint where is the issue by commenting out lines from configuration. Or help me to reproduce this on my machine. I have tried to use ubuntu 18.04 docker image and installed syslog-ng from this repository: http://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/xUbu... syslog-ng -V syslog-ng 3 (3.15.1) Config version: 3.15 Installer-Version: 3.15.1 Revision: 3.15.1-1 Compile-Date: Apr 19 2018 08:29:20 -- Kokan On Fri, May 25, 2018 at 10:06 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Kokan,
Please see attached.
Furthermore, the "log {---}" syntax is the one provided from install; i didn't modify it.
Regards,
Le 25/05/2018 à 19:52, Kókai Péter a écrit :
Hello,
Would it be possible to share your configuration file as an attachment, or upload somewhere ?
The error message indicates that the parser reached the end of the file(of course it is not), but it requires the ';' to close the previous block. It also points to the place where it found the file end.
177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^
Removing that empty line might also help. (It points to the empty line and not to the log)
-- Kokan
On Fri, May 25, 2018 at 9:42 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Hello Kokan,
I double checked inside '/etc/syslog-ng/syslog-ng.conf' file and i don't have any '\r' carriage.
Are you pointing me to another conf file?
Regards,
Le 25/05/2018 à 19:10, Kókai Péter a écrit :
Hello,
You probably have a '\r' carriage return in your configuration, that is not supported. Remove it and it should work :)
-- Kokan
On Fri, May 25, 2018 at 8:59 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Oups...
Additionally, i'm getting an error saying that syslog-ng-core in not configured yet.
I hope i didn't miss anything.
Thanks.
Le 25/05/2018 à 18:39, Komi Elitcha a écrit :
Thank you Gabor,
Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).
After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:
Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183
I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.
Regards,
Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination:
https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-n...
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
-- -- KE
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
There was a bug that caused errors to be reported incorrectly in case a block reference (in this case probably elasticsearch2) span multiple lines. The fix is already in master. The bug was introduced in 3.15 IIRC, and this PR contains the fix: https://github.com/balabit/syslog-ng/pull/2035 -- Bazsi On Sun, May 27, 2018 at 6:53 PM, Kókai Péter <peter.kokai@balabit.com> wrote:
Hello,
I have tried to reproduce your issue with the included configuration file, but it did not cause me the same trouble.
If by any chance you have syslog-ng compiled with debug enabled, in that case you can start with an additional flag: '-y' to debug the grammar parser. (If yes, please share the result of that debug.) (With -V flag you can determine if it is compiled with debug: syslog-ng -V)
If the debug mode is not possible you can still pinpoint where is the issue by commenting out lines from configuration.
Or help me to reproduce this on my machine. I have tried to use ubuntu 18.04 docker image and installed syslog-ng from this repository: http://download.opensuse.org/repositories/home:/laszlo_ budai:/syslog-ng/xUbuntu_18.04
syslog-ng -V syslog-ng 3 (3.15.1) Config version: 3.15 Installer-Version: 3.15.1 Revision: 3.15.1-1 Compile-Date: Apr 19 2018 08:29:20
-- Kokan
On Fri, May 25, 2018 at 10:06 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Kokan,
Please see attached.
Furthermore, the "log {---}" syntax is the one provided from install; i didn't modify it.
Regards,
Le 25/05/2018 à 19:52, Kókai Péter a écrit :
Hello,
Would it be possible to share your configuration file as an attachment, or upload somewhere ?
The error message indicates that the parser reached the end of the file(of course it is not), but it requires the ';' to close the previous block. It also points to the place where it found the file end.
177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^
Removing that empty line might also help. (It points to the empty line and not to the log)
-- Kokan
On Fri, May 25, 2018 at 9:42 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Hello Kokan,
I double checked inside '/etc/syslog-ng/syslog-ng.conf' file and i don't have any '\r' carriage.
Are you pointing me to another conf file?
Regards,
Le 25/05/2018 à 19:10, Kókai Péter a écrit :
Hello,
You probably have a '\r' carriage return in your configuration, that is not supported. Remove it and it should work :)
-- Kokan
On Fri, May 25, 2018 at 8:59 PM Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Oups...
Additionally, i'm getting an error saying that syslog-ng-core in not configured yet.
I hope i didn't miss anything.
Thanks.
Le 25/05/2018 à 18:39, Komi Elitcha a écrit :
Thank you Gabor,
Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).
After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:
Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf: 173 log { source(s_src); filter(f_messages); destination(d_messages); }; 174 175 log { source(s_src); filter(f_console); destination(d_console_all); 176 destination(d_xconsole); }; 177 log { source(s_src); filter(f_crit); destination(d_console); }; 178---> 178---> ^ 179 # All messages send to a remote site 180 # 181 #log { source(s_src); destination(d_net); }; 182 log { source(s_net); destination(d_es); flags(flow-control); }; 183
I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.
Regards,
Le 25/05/2018 à 10:20, Nagy, Gábor a écrit :
Sorry I forgot to link our blog post about common java problems. It could help and explain some common errors during installation.
https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
Regards, Gabor
On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Hi Komi!
You need the java package for syslog-ng too: "syslog-ng-mod-java". What is the source of the syslog-ng package you installed?
You will need additional steps after you have installed the syslog-ng java package. In our admin we have detailed instructions to setup elasticsearch2 destination: https://syslog-ng.com/documents/html/syslog-ng-ose- latest-guides/en/syslog-ng-ose-guide-admin/html/ configuring-destinations-elasticsearch2.html
Feel free to ask if you got stuck!
Regards, Gabor
On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:
Good day all,
I'm new to this mailing list.
I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve
Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/ scl/elasticsearch/plugin.conf:58:1): 1 2-----> java( 2-----> ^^^^ 3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/ usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*. jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar") 4 class_name("org.syslog_ng.elasticsearch_v2. ElasticSearchDestination") 5 option("index", "*log*") 6 option("type", "syslog") 7 option("server", "localhost")
Included from /etc/syslog-ng/syslog-ng.conf: 90 # Debian only 91 destination d_ppp { file("/var/log/ppp.log"); }; 92 93 # Elasticsearch destination 94 destination d_es { 95----> elasticsearch2( 95----> ^^^^^^^^^^^^^^^^ 96 cluster("syslog-ng") 97 client-lib-dir("/usr/share/elasticsearch/lib/") 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/") 99 time-zone("UTC") 100 cluster-url("http://localhost:9200")
Any help is welcome.
Thanks.
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- -- KE
-- -- KE
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (5)
-
Komi Elitcha
-
Kókai Péter
-
László Várady
-
Nagy, Gábor
-
Scheidler, Balázs