[syslog-ng] elasticsearch 5 on rhe 6.4
Russell Fulton
r.fulton at auckland.ac.nz
Thu Dec 8 02:30:24 UTC 2016
Hi
I had syslog-ng 3.8.1 (built from tar ball) working nicely with ES 2.x running on the local machine as a pilot. Last week I got two new machines to run ES on with lots of memory and SSD. I installed ES 5.x on them and upgraded ES to 5.x on the original pilot machine.
So I now have a cluster of 3.
Back to the original machine that has the feed from syslog-ng, I was puzzled by the stream of error messages regarding a 2.x client that was trying to connect. It took me a while to figure out that this must be the syslog-ng plug in. Stopping syslog-ng stopped the errors.
A web search quickly found:
https://www.balabit.com/blog/syslog-ng-and-elasticsearch-5-getting-started-on-rhelcentos/
So I set about reinstalling syslog-ng from Peter’s repos — there were some issues but I got there without too much problem. (see notes at the end).
My config file matched the blog example pretty closely - I need to add the http transport for ES 5.x but that was the only change.
When I tried to start the new version of syslog-ng I get an error saying that it can not find the elasticsearch2 plugin. I can’t find any reference to installing the plugin in the post. Did I miss something?
My old config also had @module mod-java line but this does not appear to make any difference.
I have gone back to the 3.8 manual but can not find anything about having to install the ES plugin so I am thoroughly puzzled.
Any ideas what is wrong?
Russell
Problems with the syslog-ng epel 6 repos:
Since I was on RHE 6 I figured I needed the epel6 rather than the epel7 repo so I
wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-6/czanik-syslog-ng38-epel-6.repo
but when I tried to install, Yum said
https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng38/epel-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
After a little poking I figured that the url should be /syslog-ng38eple6/ and that worked.