Hi

I had syslog-ng 3.8.1 (built from tar ball) working nicely with ES 2.x running on the local machine as a pilot. Last week I got two new machines to run ES on with lots of memory and SSD. I installed ES 5.x on them and upgraded ES to 5.x on the original pilot machine.

So I now have a cluster of 3.

Back to the original machine that has the feed from syslog-ng I was puzzled by the stream of error messages regarding 2.x client that was trying to connect. It took me a while to figure out that this must be the syslog-ng plug in. Stopping syslog-ng stopped the errors.

A web search quickly found:

https://www.balabit.com/blog/syslog-ng-and-elasticsearch-5-getting-started-o...

So I set about reinstalling syslog-ng from Peter’s repos — there were some issues but I got there without too much problem. (see notes at the end).

My config file matched the blog example pretty closely - I need to add the http transport for ES 5.x but that was the only change.

When I tried to start the new version of syslog-ng I get an error saying that it can not find the elasticsearch2 plugin. I can’t find any reference to installing the plugin in the post. Did I miss something?

My old config also had an @module mod-java line but this does not appear to make any difference.

I have gone back to the 3.8 manual but can not find anything about having to install the ES plugin so I am thoroughly puzzled.

Any ideas what is wrong?

Russell

Problems with the syslog-ng epel 6 repos:

Since I was on RHE 6 I figured I needed the epel6 rather than the epel7 repo so I wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-6/czani... but when I tried to install Yum said

https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng38/epel-6-x8...: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found”

After a little poking I figured that the url should be /syslog-ng38eple6/ and that worked.
Hi,

This is the part installing the elasticsearch2 driver:

    yum install syslog-ng-java

My syslog-ng package is broken into a core package and sub packages, as I want to make all components available, but don't want to install everything by default due to the large number of dependent packages. The above package includes all the java-based destination drivers.

Bye,

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik

On Thu, Dec 8, 2016 at 3:30 AM, Russell Fulton <r.fulton@auckland.ac.nz> wrote:
Hi
I had syslog-ng 3.8.1 (built from tar ball) working nicely with ES 2.x running on the local machine as a pilot. Last week I got two new machines to run ES on with lots of memory and SSD. I installed ES 5.x on them and upgraded ES to 5.x on the original pilot machine.
So I now have a cluster of 3.
Back to the original machine that has the feed from syslog-ng I was puzzled by the stream of error messages regarding 2.x client that was trying to connect. It took me a while to figure out that this must be the syslog-ng plug in. Stopping syslog-ng stopped the errors.
A web search quickly found:
https://www.balabit.com/blog/syslog-ng-and-elasticsearch-5-getting-started-on-rhelcentos/
So I set about reinstalling syslog-ng from Peter’s repos — there were some issues but I got there without too much problem. (see notes at the end).
My config file matched the blog example pretty closely - I need to add the http transport for ES 5.x but that was the only change.
When I tried to start the new version of syslog-ng I get an error saying that it can not find the elasticsearch2 plugin. I can’t find any reference to installing the plugin in the post. Did I miss something?
My old config also had an @module mod-java line but this does not appear to make any difference.
I have gone back to the 3.8 manual but can not find anything about having to install the ES plugin so I am thoroughly puzzled.
Any ideas what is wrong?
Russell
Problems with the syslog-ng epel 6 repos:
Since I was on RHE 6 I figured I needed the epel6 rather than the epel7 repo so I wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-6/czanik-syslog-ng38-epel-6.repo but when I tried to install Yum said
https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng38/epel-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found”
After a little poking I figured that the url should be /syslog-ng38eple6/ and that worked.