source plugin network not found/problems getting syslog-ng to listen on tcp port
Hello, I'm new to syslog-ng, and I'm having some trouble just getting it to listen on a tcp port. I've tried several different configurations. Some of the start up with no error, but a netstat or lsof command shows that there is no open /listening tcp port associated with the process. I'm pretty sure my mistake is basic or fundamental, but I haven't had much luck finding specific details to resolve this issue; there is a fair amount of material to comb through. I've tried several different tutorials. I want a central log server that accepts logs from multiple sources, so I started by trying to configure it to listen on a tcp port, I'm thinking 514 because we don't use rshell anywhere, but it doesn't really matter what port. The current error I'm getting is: [root@ip-10-8-41-60 syslog-ng]# service syslog-ng start Error parsing source, source plugin network not found in /etc/syslog-ng/syslog-ng.conf at line 85, column 2: network( ^^^^^^^ The section of the config file related to networking is below; I've commented out several attempts. # s_net = Network listener. This is listening on TCP port 514, no UDP #source s_net { tcp(port(514) max-connections(5000)); udp();}; #source s_net { # tcp(ip(10.8.41.60) port(514)); #}; #source s_net { # network(ip(10.8.41.60) port(514)); #}; #source s_network { # default-network-drivers(); #}; #source s_syslog { syslog( # ip(10.8.41.60) port(514) transport("tcp")); }; source s_network { network( ip("10.8.41.60") transport("tcp") listen-backlog(2048) ); }; There is a line at the top of the file: @include "scl.conf" I've attached the entire file. Any guidance would be very much appreciated, Simon Tyler | Senior Systems Administrator - PathWise Solutions Group Aon 225 King Street West, Suite 1000 | Toronto, ON M5V 3M2, Canada t +1.416.263.7755 | m +1.416.564.4855 | f +1.416.979.7724 simon.tyler@aon.com<mailto:simon.tyler@aon.com> PLEASE NOTE that my email address has changed to simon.tyler@aon.com
Hello, It either looks for a wrong place for the network module or that actually really not installed. You could run the following: syslog-ng -V That should provide something like this: syslog-ng 3.20.1.317.g98479aa Config version: 3.20 Installer-Version: 3.20.1.317.g98479aa Revision: 3.20.1.317.g98479aa Module-Directory: /tmp/install/lib/syslog-ng Module-Path: /tmp/install/lib/syslog-ng Include-Path: /tmp/install/share/syslog-ng/include Available-Modules: xml,tags-parser,system-source,sdjournal,syslogformat,stardate,snmptrapd_parser,riemann,mod-python,pseudofile,pacctformat,map_value_pairs,linux-kmsg-format,kvformat,json-plugin,http,hook-commands,graphite,tfgetent,geoip2-plugin,geoip-plugin,examples,disk-buffer,dbparser,date,csvparser,cryptofuncs,confgen,cef,basicfuncs,appmodel,afuser,afstomp,afsql,afsocket,afprog,affile,afamqp,add_contextual_data Enable-Debug: on Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: off Enable-TCP-Wrapper: off Enable-Linux-Caps: on Enable-Systemd: on Check if the "Available-Modules" line has the *afsocket*, if the *afsocket* is not listed there, try to look in the "Module-Path:" directory for *libafsocket.so", if it is missing maybe it is actually in a different package, you may need to install something like syslog-ng-mod-afsocket. If you find the *libafsocket.so* in the directory I would run syslog-ng --module-registry -dvt (possibly past its result here) or look for error message as why it cannot load *libafsocket.so*. -- Kokan On Wed, May 1, 2019 at 5:22 PM Simon Tyler <simon.tyler@aon.com> wrote:
Hello,
I’m new to syslog-ng, and I’m having some trouble just getting it to listen on a tcp port. I’ve tried several different configurations. Some of the start up with no error, but a netstat or lsof command shows that there is no open /listening tcp port associated with the process. I’m pretty sure my mistake is basic or fundamental, but I haven’t had much luck finding specific details to resolve this issue; there is a fair amount of material to comb through. I’ve tried several different tutorials.
I want a central log server that accepts logs from multiple sources, so I started by trying to configure it to listen on a tcp port, I’m thinking 514 because we don’t use rshell anywhere, but it doesn’t really matter what port.
The current error I’m getting is:
[root@ip-10-8-41-60 syslog-ng]# service syslog-ng start
Error parsing source, source plugin network not found in /etc/syslog-ng/syslog-ng.conf at line 85, column 2:
network(
^^^^^^^
The section of the config file related to networking is below; I’ve commented out several attempts.
# s_net = Network listener. This is listening on TCP port 514, no UDP
#source s_net { tcp(port(514) max-connections(5000)); udp();};
#source s_net {
# tcp(ip(10.8.41.60) port(514));
#};
#source s_net {
# network(ip(10.8.41.60) port(514));
#};
#source s_network {
# default-network-drivers();
#};
#source s_syslog { syslog(
# ip(10.8.41.60) port(514) transport("tcp")); };
source s_network {
network(
ip("10.8.41.60")
transport("tcp")
listen-backlog(2048)
);
};
There is a line at the top of the file:
@include "scl.conf"
I’ve attached the entire file.
Any guidance would be very much appreciated,
*Simon Tyler *| Senior Systems Administrator - PathWise Solutions Group Aon 225 King Street West, Suite 1000 | Toronto, ON M5V 3M2, Canada t +1.416.263.7755 | m +1.416.564.4855 | f +1.416.979.7724 *simon.tyler@aon.com <simon.tyler@aon.com>*
*PLEASE NOTE that my email address has changed to simon.tyler@aon.com <http://simon.tyler@aon.com>*
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Péter, Kókai
-
Simon Tyler