Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
This has to be something very basic.Have you tried checking if another syslog server is running? ps -aef |grep syslog Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line. Make sure you check all the things in your configuration that your copy should open beforehand. This should narrow down the problem I hope :-) Jim Sent from my Verizon, Samsung Galaxy smartphone -------- Original message --------From: Ivan Adji - Krstev <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7 So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with syslog-ng -Fevd command i have the following error AGAIN :). Im not sure what is it and how to prevent it and what to do. But i really need this to work :(. [2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline; [root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient [root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) and the source config is as follow: source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); }; destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); }; Kind regards Ivan On 05/10/2016 01:35 PM, Czanik, Péter wrote: Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote: Hi i note this error of mine but i try the other one: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo ) I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos: [root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804 [root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest Any idea ? On 05/09/2016 04:09 PM, Czanik, Péter wrote: Hi, You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies. Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote: I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7 I have problem when i try to install Syslog-NG 3.7 on CentOS 7. The following errors i get: --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest Any hints on this ? Kind regards Ivan ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Here it is nothing special everything is active from syslog-ng [2016-05-12T06:58:31.428821] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:97:7] [2016-05-12T06:58:31.428829] Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:97:7] [2016-05-12T06:58:31.428838] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:97:22] [2016-05-12T06:58:31.429227] Seeking the journal to the last cursor position; cursor='s=45e493f939fe45439dc7263dbac327e7;i=18d5;b=a99860976f4b493db69999b0b65079a8;m=1fe68c36f;t=532a30982aa4f;x=1dcbc3750c827c8b' [2016-05-12T06:58:31.430095] Module loaded and initialized successfully; module='syslogformat' [2016-05-12T06:58:31.430130] Failed to acquire /run/systemd/journal/syslog socket, disabling systemd-syslog source; [2016-05-12T06:58:31.430749] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T06:58:31.430783] Error initializing message pipeline; [root@syslogserver syslog-ng]# netstat -antup | grep 6514 tcp 0 0 0.0.0.0:6514 0.0.0.0:* LISTEN 14256/syslog-ng tcp 0 0 192.168.111.231:6514 5.144.32.159:43921 FIN_WAIT2 - [root@syslogserver syslog-ng]# ps -aef |grep syslog root 14256 1 0 06:58 ? 00:00:00 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid root 14266 10078 0 06:58 pts/0 00:00:00 grep --color=auto syslog On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration. What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g... So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration. Any other configuration in syslog-ng.conf to put and try to working with TLS ? Kind regards On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually? -- László Várady On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: <https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution:https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file:https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, I have stoped now and here it is: [root@syslogserver syslog-ng]# systemctl status syslog-ng ● syslog-ng.service - System Logger Daemon Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled) Active: inactive (dead) since Thu 2016-05-12 13:34:10 CEST; 10min ago Docs: man:syslog-ng(8) Process: 2692 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p /var/run/syslogd.pid (code=exited, status=0/SUCCESS) Main PID: 2692 (code=exited, status=0/SUCCESS) Status: "Shutting down... (Thu May 12 13:34:10 2016" May 12 13:34:01 syslogserver.novalocal systemd[1]: Starting System Logger Daemon... May 12 13:34:01 syslogserver.novalocal systemd[1]: Started System Logger Daemon. May 12 13:34:10 syslogserver.novalocal systemd[1]: Stopping System Logger Daemon... May 12 13:34:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. And *Syslog-ng -Fevd *gives me lot of output: [2016-05-12T13:45:14.913916] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:45:14.913925] Filter node evaluation result; result='not-match', type='facility' [2016-05-12T13:45:14.913936] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:45:14.914140] Outgoing message; message='May 12 13:45:14 syslogserver.novalocal nm-dispatcher[2935]: Dispatching action \'dhcp4-change\' for eth0 ' [2016-05-12T13:45:18.702887] Error opening TLS file; filename='/usr/local/etc/syslog-ng/cert.d/serverkey.pem', error='No such file or directory (2)' [2016-05-12T13:45:18.702938] Error opening TLS file; filename='/usr/local/etc/syslog-ng/cert.d/servercert.pem', error='No such file or directory (2)' [2016-05-12T13:45:18.703025] Error setting up TLS session context; tls_error='SSL routines:SSL_CTX_check_private_key:no certificate assigned' [2016-05-12T13:45:28.718534] Error opening TLS file; filename='/usr/local/etc/syslog-ng/cert.d/serverkey.pem', error='No such file or directory (2)' [2016-05-12T13:45:28.718625] Error opening TLS file; filename='/usr/local/etc/syslog-ng/cert.d/servercert.pem', error='No such file or directory (2)' [2016-05-12T13:45:28.718652] Error setting up TLS session context; tls_error='SSL routines:SSL_CTX_check_private_key:no certificate assigned' Kind regards Ivan On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu <mailto:syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 <http://0.0.0.0:60094> 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Sorry about the previus messages i was testing and so that i have put the wrong path of the certificates here it is *syslog-ng -Fevd *output [2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility' [2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ' [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth] ' [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. ' Ivan On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu <mailto:syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 <http://0.0.0.0:60094> 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
This output is all about the messages you received, so I think you have a working configuration now. -- László Várady On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Sorry about the previus messages i was testing and so that i have put the wrong path of the certificates here it is *syslog-ng -Fevd *output
[2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility' [2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ' [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth] ' [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. '
Ivan
On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com
wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com><akivanradix@gmail.com> <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution:https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file:https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Yes i guess but the syslog-ng is stop, how is it hes running ? I have execute *systemctl stop syslog-ng *How is that is running. And there is nothing in a process or in a network: [root@syslogserver syslog-ng]# ps axu | grep syslog root 3546 0.0 0.0 112644 964 pts/0 S+ 14:08 0:00 grep --color=auto syslog [root@syslogserver syslog-ng]# lsof | grep LISTEN sshd 825 root 3u IPv4 14259 0t0 TCP *:ssh (LISTEN) sshd 825 root 4u IPv6 14261 0t0 TCP *:ssh (LISTEN) mongod 1544 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1685 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1988 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1989 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1990 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1991 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1992 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1993 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1994 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1995 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1996 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1999 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2000 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2001 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2002 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2003 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) master 1818 root 13u IPv4 16766 0t0 TCP localhost:smtp (LISTEN) master 1818 root 14u IPv6 16767 0t0 TCP localhost:smtp (LISTEN) [root@syslogserver syslog-ng]# netstat -antup | grep 6514 [root@syslogserver syslog-ng]# On 05/12/2016 02:03 PM, Várady, László wrote:
This output is all about the messages you received, so I think you have a working configuration now.
-- László Várady
On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
Sorry about the previus messages i was testing and so that i have put the wrong path of the certificates here it is *syslog-ng -Fevd *output
[2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility' [2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ' [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth] ' [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. '
Ivan
On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu <mailto:syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 <http://0.0.0.0:60094> 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
If I understand your problem correctly, you should just execute 'systemctl start syslog-ng' to start it again in daemon mode. On Thu, May 12, 2016 at 2:09 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Yes i guess but the syslog-ng is stop, how is it hes running ? I have execute *systemctl stop syslog-ng *How is that is running. And there is nothing in a process or in a network:
[root@syslogserver syslog-ng]# ps axu | grep syslog root 3546 0.0 0.0 112644 964 pts/0 S+ 14:08 0:00 grep --color=auto syslog
[root@syslogserver syslog-ng]# lsof | grep LISTEN sshd 825 root 3u IPv4 14259 0t0 TCP *:ssh (LISTEN) sshd 825 root 4u IPv6 14261 0t0 TCP *:ssh (LISTEN) mongod 1544 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1685 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1988 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1989 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1990 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1991 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1992 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1993 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1994 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1995 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1996 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1999 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2000 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2001 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2002 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2003 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) master 1818 root 13u IPv4 16766 0t0 TCP localhost:smtp (LISTEN) master 1818 root 14u IPv6 16767 0t0 TCP localhost:smtp (LISTEN) [root@syslogserver syslog-ng]# netstat -antup | grep 6514
[root@syslogserver syslog-ng]#
On 05/12/2016 02:03 PM, Várady, László wrote:
This output is all about the messages you received, so I think you have a working configuration now.
-- László Várady
On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <akivanradix@gmail.com
wrote:
Sorry about the previus messages i was testing and so that i have put the wrong path of the certificates here it is *syslog-ng -Fevd *output
[2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility' [2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ' [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth] ' [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. '
Ivan
On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev < <akivanradix@gmail.com>akivanradix@gmail.com> wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com><akivanradix@gmail.com> <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution:https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file:https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
That is how i start any services or restart it or stop it. What i have done now is 1. systemctl stop syslog-ng 2. syslog-ng -Fevd And i have send you the output of it. I can see that I'm receiving logs from the clients, but im really confused how is working when its shutdown. Now if I execute *systemctl start syslog-ng *ill get the error. Also i have done the same procedures and they working fine. Now on a newly freshed installation i can't get it work. And i really don't know what to do next and where do i continue with. Kind regards Ivan On 05/12/2016 02:14 PM, Várady, László wrote:
If I understand your problem correctly, you should just execute 'systemctl start syslog-ng' to start it again in daemon mode.
On Thu, May 12, 2016 at 2:09 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
Yes i guess but the syslog-ng is stop, how is it hes running ? I have execute *systemctl stop syslog-ng *How is that is running. And there is nothing in a process or in a network:
[root@syslogserver syslog-ng]# ps axu | grep syslog root 3546 0.0 0.0 112644 964 pts/0 S+ 14:08 0:00 grep --color=auto syslog
[root@syslogserver syslog-ng]# lsof | grep LISTEN sshd 825 root 3u IPv4 14259 0t0 TCP *:ssh (LISTEN) sshd 825 root 4u IPv6 14261 0t0 TCP *:ssh (LISTEN) mongod 1544 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1685 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1988 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1989 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1990 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1991 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1992 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1993 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1994 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1995 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1996 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1999 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2000 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2001 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2002 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2003 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) master 1818 root 13u IPv4 16766 0t0 TCP localhost:smtp (LISTEN) master 1818 root 14u IPv6 16767 0t0 TCP localhost:smtp (LISTEN) [root@syslogserver syslog-ng]# netstat -antup | grep 6514
[root@syslogserver syslog-ng]#
On 05/12/2016 02:03 PM, Várady, László wrote:
This output is all about the messages you received, so I think you have a working configuration now.
-- László Várady
On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
Sorry about the previus messages i was testing and so that i have put the wrong path of the certificates here it is *syslog-ng -Fevd *output
[2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility' [2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ' [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth] ' [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. '
Ivan
On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu <mailto:syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 <http://0.0.0.0:60094> 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch <http://mirror.switch.ch> * extras: mirror.switch.ch <http://mirror.switch.ch> * updates: mirror.switch.ch <http://mirror.switch.ch> Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <mailto:peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> <mailto:akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
I'm a bit confused now. The syslog-ng -Fevd starts the syslog-ng in the foreground. When you press Ctrl-C or would like to do anything with that terminal, it stop working. If you want to run the syslog-ng in the long term, you should start it through the systemctl command. But make sure, that you start the same syslog-ng in both time and use the same config too. Also remember that both syslog-ng cannot run in the same time. So you have to stop the one you started from the console before start it with the systemctl. What error do you get when you start with systemctl? On Thu, May 12, 2016 at 2:21 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
That is how i start any services or restart it or stop it. What i have done now is 1. systemctl stop syslog-ng 2. syslog-ng -Fevd
And i have send you the output of it. I can see that I'm receiving logs from the clients, but im really confused how is working when its shutdown. Now if I execute *systemctl start syslog-ng *ill get the error.
Also i have done the same procedures and they working fine. Now on a newly freshed installation i can't get it work.
And i really don't know what to do next and where do i continue with.
Kind regards Ivan
On 05/12/2016 02:14 PM, Várady, László wrote:
If I understand your problem correctly, you should just execute 'systemctl start syslog-ng' to start it again in daemon mode.
On Thu, May 12, 2016 at 2:09 PM, Ivan Adji - Krstev <akivanradix@gmail.com
wrote:
Yes i guess but the syslog-ng is stop, how is it hes running ? I have execute *systemctl stop syslog-ng *How is that is running. And there is nothing in a process or in a network:
[root@syslogserver syslog-ng]# ps axu | grep syslog root 3546 0.0 0.0 112644 964 pts/0 S+ 14:08 0:00 grep --color=auto syslog
[root@syslogserver syslog-ng]# lsof | grep LISTEN sshd 825 root 3u IPv4 14259 0t0 TCP *:ssh (LISTEN) sshd 825 root 4u IPv6 14261 0t0 TCP *:ssh (LISTEN) mongod 1544 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1685 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1988 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1989 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1990 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1991 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1992 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1993 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1994 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1995 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1996 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 1999 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2000 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2001 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2002 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) mongod 1544 2003 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN) master 1818 root 13u IPv4 16766 0t0 TCP localhost:smtp (LISTEN) master 1818 root 14u IPv6 16767 0t0 TCP localhost:smtp (LISTEN) [root@syslogserver syslog-ng]# netstat -antup | grep 6514
[root@syslogserver syslog-ng]#
On 05/12/2016 02:03 PM, Várady, László wrote:
This output is all about the messages you received, so I think you have a working configuration now.
-- László Várady
On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev < akivanradix@gmail.com> wrote:
Sorry about the previus messages i was testing and so that i have put the wrong path of the certificates here it is *syslog-ng -Fevd *output
[2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility' [2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18' [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ' [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth] ' [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. '
Ivan
On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev < akivanradix@gmail.com> wrote:
OK so i get syslog-ng running with the default configuration.... this have some problem with the TLS configuration.
What i have done i have create the certificate procedures ( self signed certificate ) on my laptop following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So i generate the server certificate on my laptop and the other certificates for the clients. I copy them and put the configuration.
Any other configuration in syslog-ng.conf to put and try to working with TLS ?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution:https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file:https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev<akivanradix@gmail.com> <akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Is it possible the error comes from the certificates that i have create from my laptop and not from the server itself ? I have configured syslog-ng before with TLS and it runs excellent. What can be the problem ? Kind regards Ivan On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message -------- From: Ivan Adji - Krstev <akivanradix@gmail.com> Date: 5/12/16 5:26 AM (GMT-05:00) To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with *syslog-ng -Fevd *command i have the following error AGAIN :).
Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN) master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN) master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN) sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN) sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN) httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN) syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN) httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follow:
source s_sys { system(); unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( # servers("localhost:27017") # database("syslog") # uri('mongodb://localhost/syslog-ng') collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
Kind regards Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Hi i note this error of mine but i try the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS yum update yum install httpd php vim wget then install mongodb ( add repo ) then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core) And im having the following repos:
[root@syslogserver ~]# yum repolist Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch repo id repo name status base/7/x86_64 CentOS-7 - Base 9,007 czanik-syslog-ng37/x86_64 Copr repo for syslog-ng37 owned by czanik 59 extras/7/x86_64 CentOS-7 - Extras 266 mongodb-org-3.2/7 MongoDB Repository 35 updates/7/x86_64 CentOS-7 - Updates 1,437 repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.switch.ch * extras: mirror.switch.ch * updates: mirror.switch.ch Resolving Dependencies --> Running transaction check ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Running transaction check ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64 --> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.30)(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: ivykis >= 0.36.1 Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37) Requires: libivykis.so.0(IVYKIS_0.29)(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can use then "yum install syslog-ng" which will also download all necessary dependencies.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libevtlog.so.0()(64bit) Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (4)
-
Attila Szalai
-
Ivan Adji - Krstev
-
jrhendri
-
Várady, László