[syslog-ng] Elasticsearch destination and date macros
Fabien Wernli
wernli at in2p3.fr
Mon Aug 22 18:46:39 CEST 2016
Hi Adam,
On Mon, Aug 22, 2016 at 04:30:43PM +0000, Adam Carter wrote:
> [2016-08-22T17:26:35.440602] Sending destination program a TERM signal; cmdline='/usr/share/syslog-ng/include/scl/elasticsearch/es-bridge localhost 9200 syslog-ng-${YEAR} syslog-ng', child_pid='12134'
This log line suggests you're using the deprecated python script which wraps
the elasticsearch destination. It's surprising the script is still present
on your system.
Could you check by what package it's being provided?
You should use the elasticsearch or elasticsearch2 destinations
depending on your version. The best option here unless you need high
throughput would be to use the elasticsearch2 destination with HTTP client
mode as that would be the most compatible. It will require java on your
system.
Please check the online documentation on how to use the new destination.
More information about the syslog-ng
mailing list