[syslog-ng] syslog-ng 3.7.2 + ES 2.2.0
Robin Blanchard
rblanchard at nephilaadvisors.com
Thu Mar 3 23:22:44 CET 2016
Hi,
I'm trying to push from syslog-ng-3.7.2 (yum repo czanik-syslog-ng37) directly into a single-node ES 2.2.0 (yum repo elasticsearch-2.x).
Relevant syslog-ng.conf snippet:
destination d_elasticsearch {
elasticsearch(
index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
type("syslog-ng")
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/lib/syslog-ng-java-module-dependency-jars/jars/*.jar:/usr/share/elasticsearch/lib/*.jar:/usr/share/elasticsearch/modules/*.jar")
client_mode("node")
server("127.0.0.1")
port("9300")
cluster("dev-elasticsearch")
#client_mode("transport")
#resource("/etc/elasticsearch/elasticsearch.yml")
template("$(format-json -s all-nv-pairs -p @timestamp=$ISODATE -p @message=$MSG)")
);
};
Very minimal elasticsearch.yaml:
cluster.name: dev-elasticsearch
node.name: dev-applog01
network.host: 127.0.0.1
http.port: 9200
node.master: true
node.data: true
node.max_local_storage_nodes: 1
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["dev-applog01.dev.local"]
#discovery.zen.ping.unicast.hosts: ["127.0.0.1"]
ES itself looks happy:
$ curl 'localhost:9200/_nodes/jvm?pretty'
{
"cluster_name" : "dev-elasticsearch",
"nodes" : {
"QkZpHu32Rdeh0InUvsSSKw" : {
"name" : "dev-applog01",
"transport_address" : "127.0.0.1:9300",
"host" : "127.0.0.1",
"ip" : "127.0.0.1",
"version" : "2.2.0",
"build" : "8ff36d1",
"http_address" : "127.0.0.1:9200",
"attributes" : {
"max_local_storage_nodes" : "1",
"master" : "true"
},
"jvm" : {
"pid" : 25310,
"version" : "1.8.0_66",
"vm_name" : "Java HotSpot(TM) 64-Bit Server VM",
"vm_version" : "25.66-b17",
"vm_vendor" : "Oracle Corporation",
"start_time_in_millis" : 1457041645379,
"mem" : {
"heap_init_in_bytes" : 8589934592,
"heap_max_in_bytes" : 8572502016,
"non_heap_init_in_bytes" : 2555904,
"non_heap_max_in_bytes" : 0,
"direct_max_in_bytes" : 8572502016
},
"gc_collectors" : [ "ParNew", "ConcurrentMarkSweep" ],
"memory_pools" : [ "Code Cache", "Metaspace", "Compressed Class Space", "Par Eden Space", "Par Survivor Space", "CMS Old Gen" ],
"using_compressed_ordinary_object_pointers" : "true"
}
}
}
}
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
{
"cluster_name" : "dev-elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
$ curl localhost:9200
{
"name" : "dev-applog01",
"cluster_name" : "dev-elasticsearch",
"version" : {
"number" : "2.2.0",
"build_hash" : "8ff36d139e16f8720f2947ef62c8167a888992fe",
"build_timestamp" : "2016-01-27T13:32:39Z",
"build_snapshot" : false,
"lucene_version" : "5.4.1"
},
"tagline" : "You Know, for Search"
}
Syslog-ng seems to be unable to establish a connection. Running in the foreground I find:
$ syslog-ng -dv -F
[2016-03-03T18:18:32.583896] Systemd is detected as the running init system;
[2016-03-03T18:18:32.584453] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1'
[2016-03-03T18:18:32.584567] Global value changed; define='scl-root', value='/usr/share/syslog-ng/include/scl'
[2016-03-03T18:18:32.584589] Global value changed; define='include-path', value='/etc/syslog-ng:/usr/share/syslog-ng/include'
[2016-03-03T18:18:32.584747] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf'
[2016-03-03T18:18:32.584754] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf'
[2016-03-03T18:18:32.584758] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf'
[2016-03-03T18:18:32.584761] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf'
[2016-03-03T18:18:32.584765] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf'
[2016-03-03T18:18:32.584769] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf'
[2016-03-03T18:18:32.584772] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf'
[2016-03-03T18:18:32.584776] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf'
[2016-03-03T18:18:32.584779] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf'
[2016-03-03T18:18:32.584782] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf'
[2016-03-03T18:18:32.584786] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf'
[2016-03-03T18:18:32.584790] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf'
[2016-03-03T18:18:32.584799] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
[2016-03-03T18:18:32.584864] Reading path for candidate modules; path='//usr/lib64/syslog-ng'
[2016-03-03T18:18:32.584910] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='grok-parser.so', module='grok-parser'
[2016-03-03T18:18:32.585383] Registering candidate plugin; module='grok-parser', context='parser', name='grok', preference='0'
[2016-03-03T18:18:32.585442] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='tfgetent.so', module='tfgetent'
[2016-03-03T18:18:32.585579] Registering candidate plugin; module='tfgetent', context='template-func', name='getent', preference='0'
[2016-03-03T18:18:32.585600] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='dbparser.so', module='dbparser'
[2016-03-03T18:18:32.585760] Registering candidate plugin; module='dbparser', context='parser', name='db-parser', preference='0'
[2016-03-03T18:18:32.585783] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='graphite.so', module='graphite'
[2016-03-03T18:18:32.585905] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output', preference='0'
[2016-03-03T18:18:32.585925] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='basicfuncs-plus.so', module='basicfuncs-plus'
[2016-03-03T18:18:32.586055] Registering candidate plugin; module='basicfuncs-plus', context='template-func', name='//', preference='0'
[2016-03-03T18:18:32.586062] Registering candidate plugin; module='basicfuncs-plus', context='template-func', name='state', preference='0'
[2016-03-03T18:18:32.586080] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='syslogformat.so', module='syslogformat'
[2016-03-03T18:18:32.586235] Registering candidate plugin; module='syslogformat', context='format', name='syslog', preference='0'
[2016-03-03T18:18:32.586247] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser', preference='0'
[2016-03-03T18:18:32.586266] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='basicfuncs.so', module='basicfuncs'
[2016-03-03T18:18:32.586405] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep', preference='0'
[2016-03-03T18:18:32.586413] Registering candidate plugin; module='basicfuncs', context='template-func', name='if', preference='0'
[2016-03-03T18:18:32.586417] Registering candidate plugin; module='basicfuncs', context='template-func', name='or', preference='0'
[2016-03-03T18:18:32.586422] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo', preference='0'
[2016-03-03T18:18:32.586427] Registering candidate plugin; module='basicfuncs', context='template-func', name='length', preference='0'
[2016-03-03T18:18:32.586431] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr', preference='0'
[2016-03-03T18:18:32.586436] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip', preference='0'
[2016-03-03T18:18:32.586462] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize', preference='0'
[2016-03-03T18:18:32.586467] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase', preference='0'
[2016-03-03T18:18:32.586472] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase', preference='0'
[2016-03-03T18:18:32.586476] Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter', preference='0'
[2016-03-03T18:18:32.586481] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding', preference='0'
[2016-03-03T18:18:32.586485] Registering candidate plugin; module='basicfuncs', context='template-func', name='+', preference='0'
[2016-03-03T18:18:32.586489] Registering candidate plugin; module='basicfuncs', context='template-func', name='-', preference='0'
[2016-03-03T18:18:32.586493] Registering candidate plugin; module='basicfuncs', context='template-func', name='*', preference='0'
[2016-03-03T18:18:32.586498] Registering candidate plugin; module='basicfuncs', context='template-func', name='/', preference='0'
[2016-03-03T18:18:32.586502] Registering candidate plugin; module='basicfuncs', context='template-func', name='%', preference='0'
[2016-03-03T18:18:32.586506] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int', preference='0'
[2016-03-03T18:18:32.586510] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line', preference='0'
[2016-03-03T18:18:32.586515] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length', preference='0'
[2016-03-03T18:18:32.586519] Registering candidate plugin; module='basicfuncs', context='template-func', name='env', preference='0'
[2016-03-03T18:18:32.586523] Registering candidate plugin; module='basicfuncs', context='template-func', name='template', preference='0'
[2016-03-03T18:18:32.586544] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afstomp.so', module='afstomp'
[2016-03-03T18:18:32.586674] Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0'
[2016-03-03T18:18:32.586695] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='monitor-source.so', module='monitor-source'
[2016-03-03T18:18:32.586911] Registering candidate plugin; module='monitor-source', context='source', name='monitor', preference='0'
[2016-03-03T18:18:32.586945] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afamqp.so', module='afamqp'
[2016-03-03T18:18:32.587080] Registering candidate plugin; module='afamqp', context='destination', name='amqp', preference='0'
[2016-03-03T18:18:32.587102] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='trigger-source.so', module='trigger-source'
[2016-03-03T18:18:32.587228] Registering candidate plugin; module='trigger-source', context='source', name='trigger', preference='0'
[2016-03-03T18:18:32.587249] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='lua.so', module='lua'
[2016-03-03T18:18:32.587721] Registering candidate plugin; module='lua', context='destination', name='lua', preference='0'
[2016-03-03T18:18:32.587763] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='confgen.so', module='confgen'
[2016-03-03T18:18:32.587904] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='mod-java.so', module='mod-java'
[2016-03-03T18:18:32.589487] Registering candidate plugin; module='mod-java', context='destination', name='java', preference='0'
[2016-03-03T18:18:32.589637] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='system-source.so', module='system-source'
[2016-03-03T18:18:32.589795] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='sdjournal.so', module='sdjournal'
[2016-03-03T18:18:32.589931] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal', preference='0'
[2016-03-03T18:18:32.589954] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afprog.so', module='afprog'
[2016-03-03T18:18:32.590113] Registering candidate plugin; module='afprog', context='source', name='program', preference='0'
[2016-03-03T18:18:32.590120] Registering candidate plugin; module='afprog', context='destination', name='program', preference='0'
[2016-03-03T18:18:32.590139] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='kafka.so', module='kafka'
[2016-03-03T18:18:32.590331] Registering candidate plugin; module='kafka', context='destination', name='kafka', preference='0'
[2016-03-03T18:18:32.590366] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='pseudofile.so', module='pseudofile'
[2016-03-03T18:18:32.590493] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile', preference='0'
[2016-03-03T18:18:32.590514] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='linux-kmsg-format.so', module='linux-kmsg-format'
[2016-03-03T18:18:32.590642] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg', preference='0'
[2016-03-03T18:18:32.590661] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='affile.so', module='affile'
[2016-03-03T18:18:32.590798] Registering candidate plugin; module='affile', context='source', name='file', preference='0'
[2016-03-03T18:18:32.590807] Registering candidate plugin; module='affile', context='source', name='pipe', preference='0'
[2016-03-03T18:18:32.590812] Registering candidate plugin; module='affile', context='destination', name='file', preference='0'
[2016-03-03T18:18:32.590817] Registering candidate plugin; module='affile', context='destination', name='pipe', preference='0'
[2016-03-03T18:18:32.590836] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket.so', module='afsocket'
[2016-03-03T18:18:32.591123] Registering candidate plugin; module='afsocket', context='source', name='unix-stream', preference='100'
[2016-03-03T18:18:32.591132] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream', preference='100'
[2016-03-03T18:18:32.591137] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram', preference='100'
[2016-03-03T18:18:32.591141] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram', preference='100'
[2016-03-03T18:18:32.591146] Registering candidate plugin; module='afsocket', context='source', name='tcp', preference='100'
[2016-03-03T18:18:32.591150] Registering candidate plugin; module='afsocket', context='destination', name='tcp', preference='100'
[2016-03-03T18:18:32.591164] Registering candidate plugin; module='afsocket', context='source', name='tcp6', preference='100'
[2016-03-03T18:18:32.591169] Registering candidate plugin; module='afsocket', context='destination', name='tcp6', preference='100'
[2016-03-03T18:18:32.591173] Registering candidate plugin; module='afsocket', context='source', name='udp', preference='100'
[2016-03-03T18:18:32.591178] Registering candidate plugin; module='afsocket', context='destination', name='udp', preference='100'
[2016-03-03T18:18:32.591182] Registering candidate plugin; module='afsocket', context='source', name='udp6', preference='100'
[2016-03-03T18:18:32.591187] Registering candidate plugin; module='afsocket', context='destination', name='udp6', preference='100'
[2016-03-03T18:18:32.591191] Registering candidate plugin; module='afsocket', context='source', name='syslog', preference='100'
[2016-03-03T18:18:32.591195] Registering candidate plugin; module='afsocket', context='destination', name='syslog', preference='100'
[2016-03-03T18:18:32.591234] Registering candidate plugin; module='afsocket', context='source', name='network', preference='100'
[2016-03-03T18:18:32.591240] Registering candidate plugin; module='afsocket', context='destination', name='network', preference='100'
[2016-03-03T18:18:32.591244] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog', preference='100'
[2016-03-03T18:18:32.591280] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='json-plugin.so', module='json-plugin'
[2016-03-03T18:18:32.591464] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser', preference='0'
[2016-03-03T18:18:32.591479] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json', preference='0'
[2016-03-03T18:18:32.591516] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afuser.so', module='afuser'
[2016-03-03T18:18:32.591703] Registering candidate plugin; module='afuser', context='destination', name='usertty', preference='0'
[2016-03-03T18:18:32.591727] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='csvparser.so', module='csvparser'
[2016-03-03T18:18:32.591846] Registering candidate plugin; module='csvparser', context='parser', name='csv-parser', preference='0'
[2016-03-03T18:18:32.591867] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='rss.so', module='rss'
[2016-03-03T18:18:32.592020] Registering candidate plugin; module='rss', context='destination', name='rss', preference='0'
[2016-03-03T18:18:32.592050] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='date-parser.so', module='date-parser'
[2016-03-03T18:18:32.592171] Registering candidate plugin; module='date-parser', context='parser', name='date-parser', preference='0'
[2016-03-03T18:18:32.592193] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='kvformat.so', module='kvformat'
[2016-03-03T18:18:32.592252] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser', preference='0'
[2016-03-03T18:18:32.592259] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser', preference='0'
[2016-03-03T18:18:32.592264] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf', preference='0'
[2016-03-03T18:18:32.592283] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='cryptofuncs.so', module='cryptofuncs'
[2016-03-03T18:18:32.592399] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid', preference='0'
[2016-03-03T18:18:32.592406] Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash', preference='0'
[2016-03-03T18:18:32.592411] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1', preference='0'
[2016-03-03T18:18:32.592416] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256', preference='0'
[2016-03-03T18:18:32.592421] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512', preference='0'
[2016-03-03T18:18:32.592425] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4', preference='0'
[2016-03-03T18:18:32.592430] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5', preference='0'
[2016-03-03T18:18:32.592692] Module loaded and initialized successfully; module='json-plugin'
[2016-03-03T18:18:32.592840] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
[2016-03-03T18:18:32.592875] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2'
[2016-03-03T18:18:32.593010] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2'
[2016-03-03T18:18:32.593027] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2'
[2016-03-03T18:18:32.593090] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2'
[2016-03-03T18:18:32.593105] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2'
[2016-03-03T18:18:32.593179] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2'
[2016-03-03T18:18:32.593194] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2'
[2016-03-03T18:18:32.593269] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2'
[2016-03-03T18:18:32.593293] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2'
[2016-03-03T18:18:32.593351] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2'
[2016-03-03T18:18:32.593365] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2'
[2016-03-03T18:18:32.593429] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2'
[2016-03-03T18:18:32.593460] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
[2016-03-03T18:18:32.593527] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
[2016-03-03T18:18:32.593541] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2'
[2016-03-03T18:18:32.593611] Global value changed; define='balabit.credit-card-regexp', value='(?P<1>:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})'
[2016-03-03T18:18:32.593650] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2'
[2016-03-03T18:18:32.593676] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2'
[2016-03-03T18:18:32.593715] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2'
[2016-03-03T18:18:32.593728] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
[2016-03-03T18:18:32.593952] Module loaded and initialized successfully; module='confgen'
[2016-03-03T18:18:32.593965] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
[2016-03-03T18:18:32.593992] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
[2016-03-03T18:18:32.594201] Module loaded and initialized successfully; module='system-source'
[2016-03-03T18:18:32.594216] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
[2016-03-03T18:18:32.594234] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
[2016-03-03T18:18:32.595508] Module loaded and initialized successfully; module='mod-java'
[2016-03-03T18:18:32.596214] Module loaded and initialized successfully; module='sdjournal'
[2016-03-03T18:18:32.596321] Finishing include; content='source confgen system', depth='1'
[2016-03-03T18:18:32.596649] Module loaded and initialized successfully; module='afsocket'
[2016-03-03T18:18:32.596952] Module loaded and initialized successfully; module='affile'
[2016-03-03T18:18:32.597231] Finishing include; content='destination block elasticsearch', depth='1'
[2016-03-03T18:18:32.597670] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:105:5]
[2016-03-03T18:18:32.597677] Compiling s_all reference [source] at [/etc/syslog-ng/syslog-ng.conf:105:5]
[2016-03-03T18:18:32.597681] Compiling s_all sequence [source] at [/etc/syslog-ng/syslog-ng.conf:46:1]
[2016-03-03T18:18:32.597685] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:46:15]
[2016-03-03T18:18:32.597688] Compiling #unnamed sequence [log] at [source confgen system:2:5]
[2016-03-03T18:18:32.597691] Compiling #unnamed sequence [source] at [source confgen system:2:5]
[2016-03-03T18:18:32.597694] Compiling #unnamed junction [log] at [source confgen system:2:13]
[2016-03-03T18:18:32.597698] Compiling #unnamed single [log] at [source confgen system:3:1]
[2016-03-03T18:18:32.597703] Compiling #unnamed junction [log] at [source confgen system:6:1]
[2016-03-03T18:18:32.597706] Compiling #unnamed sequence [log] at [source confgen system:6:10]
[2016-03-03T18:18:32.597709] Compiling #unnamed junction [log] at [source confgen system:7:3]
[2016-03-03T18:18:32.597712] Compiling #unnamed sequence [log] at [source confgen system:8:5]
[2016-03-03T18:18:32.597715] Compiling #unnamed sequence [parser] at [source confgen system:8:5]
[2016-03-03T18:18:32.597718] Compiling #unnamed single [log] at [source confgen system:9:7]
[2016-03-03T18:18:32.597723] Compiling #unnamed sequence [log] at [source confgen system:13:12]
[2016-03-03T18:18:32.597727] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:48:5]
[2016-03-03T18:18:32.597730] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:50:5]
[2016-03-03T18:18:32.597733] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:51:5]
[2016-03-03T18:18:32.597738] Compiling d_all reference [destination] at [/etc/syslog-ng/syslog-ng.conf:106:5]
[2016-03-03T18:18:32.597741] Compiling d_all sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:55:1]
[2016-03-03T18:18:32.597745] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:55:20]
[2016-03-03T18:18:32.597748] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:56:5]
[2016-03-03T18:18:32.597752] Compiling d_elasticsearch reference [destination] at [/etc/syslog-ng/syslog-ng.conf:108:5]
[2016-03-03T18:18:32.597755] Compiling d_elasticsearch sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:68:1]
[2016-03-03T18:18:32.597758] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:68:30]
[2016-03-03T18:18:32.597761] Compiling #unnamed single [log] at [#buffer:2:3]
[2016-03-03T18:18:32.597910] Seeking the journal to the last cursor position; cursor='s=72b441ec79314a56be3b86ef506fc109;i=3cfd;b=f0354cb6895a47b08113b3c5bd948cde;m=2ca3301178;t=52d2c4c757947;x=1ea7735e89f7c905'
[2016-03-03T18:18:32.598177] Module loaded and initialized successfully; module='syslogformat'
[2016-03-03T18:18:32.598539] WARNING: window sizing for tcp sources were changed in syslog-ng 3.3, the configuration value was divided by the value of max-connections(). The result was too small, clamping to 100 entries. Ensure you have a proper log_fifo_size setting to avoid message loss.; orig_log_iw_size='0', new_log_iw_size='100', min_log_fifo_size='102400'
[2016-03-03T18:18:32.690908] Add path to classpath: //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-03-03T18:18:32.691290] Add path to classpath: /usr/lib64/syslog-ng/java-modules/elastic.jar;
[2016-03-03T18:18:32.691391] Add path to classpath: /usr/lib64/syslog-ng/java-modules/hdfs.jar;
[2016-03-03T18:18:32.691478] Add path to classpath: /usr/lib64/syslog-ng/java-modules/java-modules.jar;
[2016-03-03T18:18:32.691583] Add path to classpath: /usr/lib64/syslog-ng/java-modules/kafka.jar;
[2016-03-03T18:18:32.691688] Add path to classpath: /usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-03-03T18:18:32.691793] Add path to classpath: /usr/lib64/syslog-ng/java-modules/log4j-1.2.16.jar;
[2016-03-03T18:18:32.691883] Add path to classpath: /usr/lib64/syslog-ng/java-modules/dummy.jar;
[2016-03-03T18:18:32.691985] Add path to classpath: /usr/lib64/syslog-ng/java-modules/syslog-ng-common.jar;
[2016-03-03T18:18:32.692070] Add path to classpath: /usr/lib64/syslog-ng/java-modules/http.jar;
[2016-03-03T18:18:32.692142] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hsqldb-1.8.0.10.jar;
[2016-03-03T18:18:32.692234] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/netty-3.7.0.Final.jar;
[2016-03-03T18:18:32.692652] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-memory-4.10.4.jar;
[2016-03-03T18:18:32.692785] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/elasticsearch-1.6.0.jar;
[2016-03-03T18:18:32.692899] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/oro-2.0.8.jar;
[2016-03-03T18:18:32.692990] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/kafka-clients-0.8.2.1.jar;
[2016-03-03T18:18:32.693074] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/zkclient-0.3.jar;
[2016-03-03T18:18:32.693164] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-cli-1.2.jar;
[2016-03-03T18:18:32.693259] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-el-1.0.jar;
[2016-03-03T18:18:32.693350] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-api-1.7.10.jar;
[2016-03-03T18:18:32.693432] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/asm-4.1.jar;
[2016-03-03T18:18:32.693516] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jasper-compiler-5.5.12.jar;
[2016-03-03T18:18:32.693604] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-grouping-4.10.4.jar;
[2016-03-03T18:18:32.693692] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lz4-1.2.0.jar;
[2016-03-03T18:18:32.693773] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xml-apis-1.3.04.jar;
[2016-03-03T18:18:32.693850] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xercesImpl-2.9.1.jar;
[2016-03-03T18:18:32.693947] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/httpcore-4.2.4.jar;
[2016-03-03T18:18:32.694038] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xz-1.0.jar;
[2016-03-03T18:18:32.694118] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-core-4.10.4.jar;
[2016-03-03T18:18:32.694246] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-queryparser-4.10.4.jar;
[2016-03-03T18:18:32.694333] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-annotations-2.7.1.jar;
[2016-03-03T18:18:32.694420] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-math-2.1.jar;
[2016-03-03T18:18:32.694516] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/netty-all-4.0.23.Final.jar;
[2016-03-03T18:18:32.694613] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jets3t-0.9.0.jar;
[2016-03-03T18:18:32.694705] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/junit-4.12.jar;
[2016-03-03T18:18:32.694807] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/protobuf-java-2.5.0.jar;
[2016-03-03T18:18:32.694893] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/gson-2.2.4.jar;
[2016-03-03T18:18:32.694987] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsp-2.1-6.1.14.jar;
[2016-03-03T18:18:32.695078] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jetty-6.1.26.jar;
[2016-03-03T18:18:32.695157] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-core-asl-1.9.13.jar;
[2016-03-03T18:18:32.695248] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/avro-1.7.4.jar;
[2016-03-03T18:18:32.695324] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jasper-runtime-5.5.12.jar;
[2016-03-03T18:18:32.695412] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jersey-json-1.9.jar;
[2016-03-03T18:18:32.695499] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-misc-4.10.4.jar;
[2016-03-03T18:18:32.695598] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-auth-2.7.1.jar;
[2016-03-03T18:18:32.695686] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/snakeyaml-1.12.jar;
[2016-03-03T18:18:32.695774] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsp-api-2.1.jar;
[2016-03-03T18:18:32.695859] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/stax-api-1.0.1.jar;
[2016-03-03T18:18:32.695936] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jaxb-impl-2.2.3-1.jar;
[2016-03-03T18:18:32.696041] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/servlet-api-2.5-20081211.jar;
[2016-03-03T18:18:32.696137] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-math3-3.1.1.jar;
[2016-03-03T18:18:32.696229] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-api-1.7.6.jar;
[2016-03-03T18:18:32.696321] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jersey-core-1.9.jar;
[2016-03-03T18:18:32.696401] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/curator-framework-2.7.1.jar;
[2016-03-03T18:18:32.696487] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-sandbox-4.10.4.jar;
[2016-03-03T18:18:32.696566] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsch-0.1.42.jar;
[2016-03-03T18:18:32.696646] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/syslog-ng-core.jar;
[2016-03-03T18:18:32.696727] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/log4j-1.2.16.jar;
[2016-03-03T18:18:32.696809] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-suggest-4.10.4.jar;
[2016-03-03T18:18:32.696894] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xmlenc-0.52.jar;
[2016-03-03T18:18:32.697000] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-common-2.7.1.jar;
[2016-03-03T18:18:32.697095] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/curator-client-2.7.1.jar;
[2016-03-03T18:18:32.701317] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/apacheds-i18n-2.0.0-M15.jar;
[2016-03-03T18:18:32.701462] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/asm-3.1.jar;
[2016-03-03T18:18:32.701548] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/htrace-core-3.1.0-incubating.jar;
[2016-03-03T18:18:32.701689] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-queries-4.10.4.jar;
[2016-03-03T18:18:32.701773] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-hdfs-2.7.1.jar;
[2016-03-03T18:18:32.701853] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jersey-server-1.9.jar;
[2016-03-03T18:18:32.701930] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsr305-3.0.0.jar;
[2016-03-03T18:18:32.702013] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jettison-1.1.jar;
[2016-03-03T18:18:32.702090] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/ant-1.6.5.jar;
[2016-03-03T18:18:32.702177] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-log4j12-1.7.10.jar;
[2016-03-03T18:18:32.702259] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-io-2.4.jar;
[2016-03-03T18:18:32.702331] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-digester-1.8.jar;
[2016-03-03T18:18:32.702403] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-mapper-asl-1.9.13.jar;
[2016-03-03T18:18:32.702480] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jline-0.9.94.jar;
[2016-03-03T18:18:32.702552] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/apacheds-kerberos-codec-2.0.0-M15.jar;
[2016-03-03T18:18:32.702639] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/asm-commons-4.1.jar;
[2016-03-03T18:18:32.702715] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/spatial4j-0.4.1.jar;
[2016-03-03T18:18:32.702794] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/servlet-api-2.5-6.1.14.jar;
[2016-03-03T18:18:32.702869] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-analyzers-common-4.10.4.jar;
[2016-03-03T18:18:32.702981] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-httpclient-3.1.jar;
[2016-03-03T18:18:32.703094] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-daemon-1.0.13.jar;
[2016-03-03T18:18:32.703176] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/paranamer-2.3.jar;
[2016-03-03T18:18:32.703255] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/java-xmlbuilder-0.4.jar;
[2016-03-03T18:18:32.703351] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-jaxrs-1.8.3.jar;
[2016-03-03T18:18:32.703428] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/junit-3.8.1.jar;
[2016-03-03T18:18:32.703498] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/log4j-1.2.17.jar;
[2016-03-03T18:18:32.703569] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsp-api-2.1-6.1.14.jar;
[2016-03-03T18:18:32.703652] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/metrics-core-2.2.0.jar;
[2016-03-03T18:18:32.703728] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/syslog-ng-common.jar;
[2016-03-03T18:18:32.703805] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-join-4.10.4.jar;
[2016-03-03T18:18:32.703876] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-spatial-4.10.4.jar;
[2016-03-03T18:18:32.703951] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/antlr-runtime-3.5.jar;
[2016-03-03T18:18:32.704034] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/scala-library-2.10.4.jar;
[2016-03-03T18:18:32.704112] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/activation-1.1.jar;
[2016-03-03T18:18:32.704189] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jopt-simple-3.2.jar;
[2016-03-03T18:18:32.704278] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-highlighter-4.10.4.jar;
[2016-03-03T18:18:32.704353] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-collections-3.2.1.jar;
[2016-03-03T18:18:32.704426] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-logging-1.1.3.jar;
[2016-03-03T18:18:32.704502] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/snappy-java-1.1.1.6.jar;
[2016-03-03T18:18:32.704575] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/guava-16.0.1.jar;
[2016-03-03T18:18:32.704656] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/leveldbjni-all-1.8.jar;
[2016-03-03T18:18:32.704733] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-log4j12-1.6.1.jar;
[2016-03-03T18:18:32.704806] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-compress-1.4.1.jar;
[2016-03-03T18:18:32.706495] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-beanutils-1.7.0.jar;
[2016-03-03T18:18:32.706575] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/stax-api-1.0-2.jar;
[2016-03-03T18:18:32.706643] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/kafka_2.10-0.8.2.1.jar;
[2016-03-03T18:18:32.706719] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-codec-1.6.jar;
[2016-03-03T18:18:32.706783] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/core-3.1.1.jar;
[2016-03-03T18:18:32.706842] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/httpclient-4.2.5.jar;
[2016-03-03T18:18:32.706906] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-configuration-1.6.jar;
[2016-03-03T18:18:32.706987] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jetty-util-6.1.26.jar;
[2016-03-03T18:18:32.707051] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hamcrest-core-1.3.jar;
[2016-03-03T18:18:32.707116] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/api-util-1.0.0-M20.jar;
[2016-03-03T18:18:32.707177] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/api-asn1-api-1.0.0-M20.jar;
[2016-03-03T18:18:32.707250] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/curator-recipes-2.7.1.jar;
[2016-03-03T18:18:32.707330] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-net-3.1.jar;
[2016-03-03T18:18:32.707393] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/servlet-api-2.5.jar;
[2016-03-03T18:18:32.707453] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-lang-2.6.jar;
[2016-03-03T18:18:32.707535] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-xc-1.8.3.jar;
[2016-03-03T18:18:32.707611] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/zookeeper-3.4.6.jar;
[2016-03-03T18:18:32.707686] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jaxb-api-2.2.2.jar;
[2016-03-03T18:18:32.707751] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/snappy-java-1.0.4.1.jar;
[2016-03-03T18:18:32.707813] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-beanutils-core-1.8.0.jar;
[2016-03-03T18:18:32.707897] Add path to classpath: /usr/share/elasticsearch/lib/lucene-sandbox-5.4.1.jar;
[2016-03-03T18:18:32.707960] Add path to classpath: /usr/share/elasticsearch/lib/HdrHistogram-2.1.6.jar;
[2016-03-03T18:18:32.708068] Add path to classpath: /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;
[2016-03-03T18:18:32.708221] Add path to classpath: /usr/share/elasticsearch/lib/lucene-backward-codecs-5.4.1.jar;
[2016-03-03T18:18:32.708311] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queries-5.4.1.jar;
[2016-03-03T18:18:32.708402] Add path to classpath: /usr/share/elasticsearch/lib/hppc-0.7.1.jar;
[2016-03-03T18:18:32.708489] Add path to classpath: /usr/share/elasticsearch/lib/lucene-highlighter-5.4.1.jar;
[2016-03-03T18:18:32.708579] Add path to classpath: /usr/share/elasticsearch/lib/joda-time-2.8.2.jar;
[2016-03-03T18:18:32.708666] Add path to classpath: /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;
[2016-03-03T18:18:32.708753] Add path to classpath: /usr/share/elasticsearch/lib/lucene-join-5.4.1.jar;
[2016-03-03T18:18:32.708814] Add path to classpath: /usr/share/elasticsearch/lib/lucene-grouping-5.4.1.jar;
[2016-03-03T18:18:32.708870] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.6.2.jar;
[2016-03-03T18:18:32.708929] Add path to classpath: /usr/share/elasticsearch/lib/lucene-core-5.4.1.jar;
[2016-03-03T18:18:32.709024] Add path to classpath: /usr/share/elasticsearch/lib/apache-log4j-extras-1.2.17.jar;
[2016-03-03T18:18:32.709102] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.6.2.jar;
[2016-03-03T18:18:32.709166] Add path to classpath: /usr/share/elasticsearch/lib/lucene-analyzers-common-5.4.1.jar;
[2016-03-03T18:18:32.709231] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-smile-2.6.2.jar;
[2016-03-03T18:18:32.709289] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;
[2016-03-03T18:18:32.709341] Add path to classpath: /usr/share/elasticsearch/lib/joda-convert-1.2.jar;
[2016-03-03T18:18:32.709392] Add path to classpath: /usr/share/elasticsearch/lib/commons-cli-1.3.1.jar;
[2016-03-03T18:18:32.709443] Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;
[2016-03-03T18:18:32.709497] Add path to classpath: /usr/share/elasticsearch/lib/log4j-1.2.17.jar;
[2016-03-03T18:18:32.709548] Add path to classpath: /usr/share/elasticsearch/lib/jackson-core-2.6.2.jar;
[2016-03-03T18:18:32.709598] Add path to classpath: /usr/share/elasticsearch/lib/jsr166e-1.1.0.jar;
[2016-03-03T18:18:32.709651] Add path to classpath: /usr/share/elasticsearch/lib/lucene-misc-5.4.1.jar;
[2016-03-03T18:18:32.709703] Add path to classpath: /usr/share/elasticsearch/lib/lucene-memory-5.4.1.jar;
[2016-03-03T18:18:32.709754] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial-5.4.1.jar;
[2016-03-03T18:18:32.709808] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial3d-5.4.1.jar;
[2016-03-03T18:18:32.709866] Add path to classpath: /usr/share/elasticsearch/lib/jna-4.1.0.jar;
[2016-03-03T18:18:32.709917] Add path to classpath: /usr/share/elasticsearch/lib/guava-18.0.jar;
[2016-03-03T18:18:32.709976] Add path to classpath: /usr/share/elasticsearch/lib/elasticsearch-2.2.0.jar;
[2016-03-03T18:18:32.710030] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queryparser-5.4.1.jar;
[2016-03-03T18:18:32.710084] Add path to classpath: /usr/share/elasticsearch/lib/lucene-suggest-5.4.1.jar;
[2016-03-03T18:18:32.710135] Add path to classpath: /usr/share/elasticsearch/lib/jts-1.13.jar;
[2016-03-03T18:18:32.710188] Add path to classpath: /usr/share/elasticsearch/lib/compiler-0.8.13.jar;
[2016-03-03T18:18:32.710239] Add path to classpath: /usr/share/elasticsearch/lib/securesm-1.0.jar;
[2016-03-03T18:18:32.710652] Add path to classpath: /usr/share/elasticsearch/lib/compress-lzf-1.0.2.jar;
[2016-03-03T18:18:32.815477] Add path to classpath: //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-03-03T18:18:32.995605] [Collector] version[1.6.0], pid[26563], build[cdd3ac4/2015-06-09T13:36:34Z];
[2016-03-03T18:18:32.995656] [Collector] initializing ...;
[2016-03-03T18:18:32.995762] [Collector] using home [/home/dev.local/devadmin_rblanchard], config [/home/dev.local/devadmin_rblanchard/config], data [[/home/dev.local/devadmin_rblanchard/data]], logs [/home/dev.local/devadmin_rblanchard/logs], work [/home/dev.local/devadmin_rblanchard/work], plugins [/home/dev.local/devadmin_rblanchard/plugins];
[2016-03-03T18:18:33.001377] [Collector] [/home/dev.local/devadmin_rblanchard/plugins] directory does not exist.;
[2016-03-03T18:18:33.002901] [Collector] [/home/dev.local/devadmin_rblanchard/plugins] directory does not exist.;
[2016-03-03T18:18:33.003036] [Collector] loaded [], sites [];
[2016-03-03T18:18:33.043579] using encoder [VanillaChunkDecoder] and decoder[{}] ;
[2016-03-03T18:18:33.060562] [Collector] creating thread_pool [generic], type [cached], keep_alive [30s];
[2016-03-03T18:18:33.071549] [Collector] creating thread_pool [index], type [fixed], size [2], queue_size [200];
[2016-03-03T18:18:33.073694] [Collector] creating thread_pool [bulk], type [fixed], size [2], queue_size [50];
[2016-03-03T18:18:33.073796] [Collector] creating thread_pool [get], type [fixed], size [2], queue_size [1k];
[2016-03-03T18:18:33.073894] [Collector] creating thread_pool [search], type [fixed], size [4], queue_size [1k];
[2016-03-03T18:18:33.074009] [Collector] creating thread_pool [suggest], type [fixed], size [2], queue_size [1k];
[2016-03-03T18:18:33.074088] [Collector] creating thread_pool [percolate], type [fixed], size [2], queue_size [1k];
[2016-03-03T18:18:33.074182] [Collector] creating thread_pool [management], type [scaling], min [1], size [5], keep_alive [5m];
[2016-03-03T18:18:33.074874] [Collector] creating thread_pool [listener], type [fixed], size [1], queue_size [null];
[2016-03-03T18:18:33.074949] [Collector] creating thread_pool [flush], type [scaling], min [1], size [1], keep_alive [5m];
[2016-03-03T18:18:33.075029] [Collector] creating thread_pool [merge], type [scaling], min [1], size [1], keep_alive [5m];
[2016-03-03T18:18:33.075103] [Collector] creating thread_pool [refresh], type [scaling], min [1], size [1], keep_alive [5m];
[2016-03-03T18:18:33.075172] [Collector] creating thread_pool [warmer], type [scaling], min [1], size [1], keep_alive [5m];
[2016-03-03T18:18:33.075259] [Collector] creating thread_pool [snapshot], type [scaling], min [1], size [1], keep_alive [5m];
[2016-03-03T18:18:33.075324] [Collector] creating thread_pool [optimize], type [fixed], size [1], queue_size [null];
[2016-03-03T18:18:33.075394] [Collector] creating thread_pool [fetch_shard_started], type [scaling], min [1], size [4], keep_alive [5m];
[2016-03-03T18:18:33.075476] [Collector] creating thread_pool [fetch_shard_store], type [scaling], min [1], size [4], keep_alive [5m];
[2016-03-03T18:18:33.274792] [Collector] failed to load groovy;
[2016-03-03T18:18:33.275906] [Collector] failed to load lucene expressions;
[2016-03-03T18:18:34.190001] [Collector] enabled [true], last_gc_enabled [false], interval [1s], gc_threshold [{default=GcThreshold{name='default', warnThreshold=10000, infoThreshold=5000, debugThreshold=2000}, young=GcThreshold{name='young', warnThreshold=1000, infoThreshold=700, debugThreshold=400}, old=GcThreshold{name='old', warnThreshold=10000, infoThreshold=5000, debugThreshold=2000}}];
[2016-03-03T18:18:34.191027] [Collector] Using probe [org.elasticsearch.monitor.os.JmxOsProbe at 26ae880a] with refresh_interval [1s];
[2016-03-03T18:18:34.194928] [Collector] Using probe [org.elasticsearch.monitor.process.JmxProcessProbe at 185f7840] with refresh_interval [1s];
[2016-03-03T18:18:34.199815] [Collector] Using refresh_interval [1s];
[2016-03-03T18:18:34.200034] [Collector] Using probe [org.elasticsearch.monitor.network.JmxNetworkProbe at 5bdd5689] with refresh_interval [5s];
[2016-03-03T18:18:34.201619] [Collector] net_info
host [dev-applog01]
eth91 display_name [eth91]
address [/172.16.100.137]
mtu [1500] multicast [true] ptp [false] loopback [false] up [true] virtual [false]
lo display_name [lo]
address [/127.0.0.1]
mtu [65536] multicast [false] ptp [false] loopback [true] up [true] virtual [false]
;
[2016-03-03T18:18:34.202074] [Collector] Using probe [org.elasticsearch.monitor.fs.JmxFsProbe at 4c03a37] with refresh_interval [1s];
[2016-03-03T18:18:34.205731] using gathering [true];
[2016-03-03T18:18:34.231260] [Collector] using minimum_master_nodes [-1];
[2016-03-03T18:18:34.232708] [Collector] using group [224.2.2.4], with port [54328], ttl [3], and address [null];
[2016-03-03T18:18:34.236211] [Collector] using initial hosts [], with concurrent_connects [10];
[2016-03-03T18:18:34.237273] [Collector] using ping.timeout [3s], join.timeout [1m], master_election.filter_client [true], master_election.filter_data [false];
[2016-03-03T18:18:34.238426] [Collector] [master] uses ping_interval [1s], ping_timeout [30s], ping_retries [3];
[2016-03-03T18:18:34.240570] [Collector] [node ] uses ping_interval [1s], ping_timeout [30s], ping_retries [3];
[2016-03-03T18:18:34.541911] [Collector] using script cache with max_size [100], expire [null];
[2016-03-03T18:18:34.548568] [Collector] using node_concurrent_recoveries [2], node_initial_primaries_recoveries [4];
[2016-03-03T18:18:34.549223] [Collector] using [cluster.routing.allocation.allow_rebalance] with [indices_all_active];
[2016-03-03T18:18:34.549680] [Collector] using [cluster_concurrent_rebalance] with [2];
[2016-03-03T18:18:34.551350] [Collector] using max_bytes_per_sec[40mb], concurrent_streams [3], file_chunk_size [512kb], translog_size [512kb], translog_ops [1000], and compress [true];
[2016-03-03T18:18:34.580063] [Collector] using initial_shards [quorum];
[2016-03-03T18:18:34.684545] [Collector] using max_chunk_size[8kb], max_header_size[8kb], max_initial_line_length[4kb], max_content_length[100mb], receive_predictor[512kb->512kb], pipelining[true], pipelining_max_events[10000];
[2016-03-03T18:18:34.700545] [Collector] using indices.store.throttle.type [MERGE], with index.store.throttle.max_bytes_per_sec [20mb];
[2016-03-03T18:18:34.701314] [Collector] using index_buffer_size [354mb], with min_shard_index_buffer_size [4mb], max_shard_index_buffer_size [512mb], shard_inactive_time [5m];
[2016-03-03T18:18:34.702141] [Collector] using [node] weighted filter cache with size [10%], actual_size [354mb], expire [null], clean_interval [1m];
[2016-03-03T18:18:34.703351] [Collector] using size [-1] [-1b], expire [null];
[2016-03-03T18:18:34.730215] [Collector] using gateway.local.auto_import_dangled [YES], gateway.local.delete_timeout [30s], with gateway.local.dangling_timeout [2h];
[2016-03-03T18:18:34.731851] [Collector] using enabled [false], host [null], port [9700-9800], bulk_actions [1000], bulk_size [5mb], flush_interval [5s], concurrent_requests [4];
[2016-03-03T18:18:34.738136] [Collector] initialized;
[2016-03-03T18:18:34.738200] [Collector] starting ...;
[2016-03-03T18:18:34.754072] Using select timeout of 500;
[2016-03-03T18:18:34.754121] Epoll-bug workaround enabled = false;
[2016-03-03T18:18:34.775549] [Collector] using profile[default], worker_count[4], port[9300-9400], bind_host[null], publish_host[null], compress[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb];
[2016-03-03T18:18:34.800996] [Collector] Bound profile [default] to address [/0.0.0.0:9301];
[2016-03-03T18:18:34.803168] [Collector] bound_address {inet[/0.0.0.0:9301]}, publish_address {inet[/172.16.100.137:9301]};
[2016-03-03T18:18:34.820210] [Collector] dev-elasticsearch/ssVO8lJIT_OSDIr0Hw8vyA;
[2016-03-03T18:18:34.820833] [Collector] processing [initial_join]: execute;
[2016-03-03T18:18:34.821474] [Collector] processing [initial_join]: took 0s no change in cluster_state;
[2016-03-03T18:18:38.584284] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
[2016-03-03T18:18:39.820568] [Collector] waited for 5s and no initial state was set by the discovery;
[2016-03-03T18:18:39.820773] [Collector] can't wait on start for (possibly) reading state from gateway, will do it asynchronously;
[2016-03-03T18:18:39.827304] [Collector] bound_address {inet[/0.0.0.0:9201]}, publish_address {inet[/172.16.100.137:9201]};
[2016-03-03T18:18:39.827533] [Collector] started;
[2016-03-03T18:18:39.829568] Worker thread started; driver='d_elasticsearch#0'
[2016-03-03T18:18:39.829805] connecting to cluster, cluster_name='dev-elasticsearch';
[2016-03-03T18:18:39.829840] Running application hooks; hook='1'
[2016-03-03T18:18:39.829849] Running application hooks; hook='3'
[2016-03-03T18:18:39.829887] syslog-ng starting up; version='3.7.2'
[2016-03-03T18:18:39.834090] [Collector] no known master node, scheduling a retry;
[2016-03-03T18:18:42.335988] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
[2016-03-03T18:18:44.841864] [Collector] observer: timeout notification from cluster service. timeout setting [5s], time since start [5s];
[2016-03-03T18:18:44.843797] Failed to connect to dev-elasticsearch, reason='waited for [5s]';
[2016-03-03T18:18:46.087601] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
[2016-03-03T18:18:49.839455] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
[2016-03-03T18:18:53.591086] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
[2016-03-03T18:18:54.853069] connecting to cluster, cluster_name='dev-elasticsearch';
[2016-03-03T18:18:54.853215] [Collector] no known master node, scheduling a retry;
^C[2016-03-03T18:18:55.760700] syslog-ng shutting down; version='3.7.2'
[2016-03-03T18:18:57.343157] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
[2016-03-03T18:18:59.853603] [Collector] observer: timeout notification from cluster service. timeout setting [5s], time since start [5s];
[2016-03-03T18:18:59.853990] Failed to connect to dev-elasticsearch, reason='waited for [5s]';
[2016-03-03T18:18:59.854109] Worker thread finished; driver='d_elasticsearch#0'
[2016-03-03T18:18:59.854295] Closing log transport fd; fd='12'
[2016-03-03T18:18:59.854458] [Collector] stopping ...;
[2016-03-03T18:18:59.862200] [Collector] stopped;
[2016-03-03T18:18:59.862247] [Collector] closing ...;
[2016-03-03T18:18:59.868335] [Collector] closed;
[2016-03-03T18:18:59.868583] Java machine free;
[2016-03-03T18:18:59.880134] Running application hooks; hook='4'
This then goes on ad-finitum.
Any troubleshooting tips ?
Thanks in advance
--------------------------------------------------------------------------------------------------------------------------
This email has been sent to you on behalf of Nephila Advisors LLC (“Advisors”). Advisors provides consultancy services to Nephila Capital Ltd. (“Capital”), an investment advisor managed and carrying on business in Bermuda. Advisors and its employees do not act as agents for Capital or the funds it advises and do not have the authority to bind Capital or such funds to any transaction or agreement.
The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. Any use, disclosure, reproduction, modification or distribution of the contents of this e-mail, or any part thereof, other than by the intended recipient, is strictly prohibited. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. This email is for information purposes only, nothing contained herein constitutes an offer to sell or buy securities, as such an offer may only be made from a properly authorized offering document. Although Nephila attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
--------------------------------------------------------------------------------------------------------------------------
More information about the syslog-ng
mailing list