[syslog-ng] syslog-ng 3.7.2 + ES 2.2.0
Evan Rempel
erempel at uvic.ca
Fri Mar 4 00:12:06 CET 2016
I have had limited success with transport mode as well.
Our next attempt is to utilize a fully configured ES node as an ingest
node that runs ES only as a part of syslog-ng. This ingest node would
not have any storage. Then we would have another set of nodes that are
part of the same cluster that do have storage. Hopefully then we can use
client_mode("node") on the ingest node(s) to push data into the ES cluster.
Won't be getting to that for a couple of weeks though :-(
If you beat me to it, let me know how it goes.
Evan.
On 03/03/2016 02:41 PM, Robin Blanchard wrote:
> Very interesting find!
>
> That coincides with what I've been seeing (listening port-wise):
>
>
> Launching syslog-ng by itself (without ES):
>
>
>
> $ lsof -i -P -n |egrep '^(syslog-ng|java)'
> syslog-ng 26858 root 12u IPv4 1207704 0t0 UDP *:514
> syslog-ng 26858 root 14u IPv4 1207705 0t0 TCP *:514 (LISTEN)
> syslog-ng 26858 root 217u IPv4 1208427 0t0 TCP *:9300 (LISTEN)
> syslog-ng 26858 root 219u IPv4 1208440 0t0 UDP *:54328
> syslog-ng 26858 root 235u IPv4 1207919 0t0 TCP *:9200 (LISTEN)
>
>
> Launching ES by itself (without syslog-ng):
>
> $ lsof -i -P -n |egrep '^(syslog-ng|java)'
> java 26986 elasticsearch 92u IPv4 1210496 0t0 TCP 127.0.0.1:9300 (LISTEN)
> java 26986 elasticsearch 110u IPv4 1209925 0t0 TCP 127.0.0.1:9200 (LISTEN)
>
>
>
>
> Launching syslog-ng after ES:
>
> $ lsof -i -P -n |egrep '^(syslog-ng|java)'
> java 26986 elasticsearch 92u IPv4 1210496 0t0 TCP 127.0.0.1:9300 (LISTEN)
> java 26986 elasticsearch 110u IPv4 1209925 0t0 TCP 127.0.0.1:9200 (LISTEN)
> syslog-ng 27067 root 12u IPv4 1210248 0t0 UDP *:514
> syslog-ng 27067 root 14u IPv4 1210249 0t0 TCP *:514 (LISTEN)
> syslog-ng 27067 root 217u IPv4 1210850 0t0 TCP *:9301 (LISTEN)
> syslog-ng 27067 root 219u IPv4 1210861 0t0 UDP *:54328
> syslog-ng 27067 root 235u IPv4 1210286 0t0 TCP *:9201 (LISTEN)
>
>
> Trying to launch ES after syslog-ng then yields (in ES's log)
>
> [2016-03-03 18:39:10,934][ERROR][bootstrap ] [dev-applog01] Exception
> BindHttpException[Failed to bind to [9200]]; nested: ChannelException[Failed to bind to: /127.0.0.1:9200]; nested: BindException[Address already in use];
>
>
>
>
>
> Have you been able to utilize (with success) transport mode ? I have have no success...
>
>
>
>
>
>
> -----Original Message-----
> From: <syslog-ng-bounces at lists.balabit.hu> on behalf of Evan Rempel <erempel at uvic.ca>
> Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
> Date: Thursday, March 3, 2016 at 16:27
> To: "syslog-ng at lists.balabit.hu" <syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] syslog-ng 3.7.2 + ES 2.2.0
>
>> I had this kind of problem as well.
>> It seems like (I have not confirmed) that when the ES destination in
>> syslog-ng is running in client_mode("node") it seems to run as if it
>> were a full fledged ES node. This means that the syslog-ng destination
>> can NOT run in this mode on a system that is also running the ES code.
>>
>> Try stopping ES and syslog-ng. Then start syslog-ng. It should be happy.
>> Then try to start ES and it will start showing the errors rather than
>> the syslog-ng ES destination.
>>
>> I think only 1 can run on a single system.
>>
>> Evan.
>>
>> On 03/03/2016 02:22 PM, Robin Blanchard wrote:
>>> Hi,
>>>
>>> I'm trying to push from syslog-ng-3.7.2 (yum repo czanik-syslog-ng37) directly into a single-node ES 2.2.0 (yum repo elasticsearch-2.x).
>>>
>>>
>>> Relevant syslog-ng.conf snippet:
>>>
>>> destination d_elasticsearch {
>>> elasticsearch(
>>> index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
>>> type("syslog-ng")
>>> class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/lib/syslog-ng-java-module-dependency-jars/jars/*.jar:/usr/share/elasticsearch/lib/*.jar:/usr/share/elasticsearch/modules/*.jar")
>>>
>>> client_mode("node")
>>> server("127.0.0.1")
>>> port("9300")
>>> cluster("dev-elasticsearch")
>>>
>>> #client_mode("transport")
>>> #resource("/etc/elasticsearch/elasticsearch.yml")
>>>
>>> template("$(format-json -s all-nv-pairs -p @timestamp=$ISODATE -p @message=$MSG)")
>>> );
>>> };
>>>
>>>
>>>
>>>
>>> Very minimal elasticsearch.yaml:
>>>
>>> cluster.name: dev-elasticsearch
>>> node.name: dev-applog01
>>> network.host: 127.0.0.1
>>> http.port: 9200
>>>
>>> node.master: true
>>> node.data: true
>>> node.max_local_storage_nodes: 1
>>>
>>> discovery.zen.ping.multicast.enabled: false
>>> discovery.zen.ping.unicast.hosts: ["dev-applog01.dev.local"]
>>> #discovery.zen.ping.unicast.hosts: ["127.0.0.1"]
>>>
>>>
>>>
>>>
>>>
>>>
>>> ES itself looks happy:
>>>
>>> $ curl 'localhost:9200/_nodes/jvm?pretty'
>>> {
>>> "cluster_name" : "dev-elasticsearch",
>>> "nodes" : {
>>> "QkZpHu32Rdeh0InUvsSSKw" : {
>>> "name" : "dev-applog01",
>>> "transport_address" : "127.0.0.1:9300",
>>> "host" : "127.0.0.1",
>>> "ip" : "127.0.0.1",
>>> "version" : "2.2.0",
>>> "build" : "8ff36d1",
>>> "http_address" : "127.0.0.1:9200",
>>> "attributes" : {
>>> "max_local_storage_nodes" : "1",
>>> "master" : "true"
>>> },
>>> "jvm" : {
>>> "pid" : 25310,
>>> "version" : "1.8.0_66",
>>> "vm_name" : "Java HotSpot(TM) 64-Bit Server VM",
>>> "vm_version" : "25.66-b17",
>>> "vm_vendor" : "Oracle Corporation",
>>> "start_time_in_millis" : 1457041645379,
>>> "mem" : {
>>> "heap_init_in_bytes" : 8589934592,
>>> "heap_max_in_bytes" : 8572502016,
>>> "non_heap_init_in_bytes" : 2555904,
>>> "non_heap_max_in_bytes" : 0,
>>> "direct_max_in_bytes" : 8572502016
>>> },
>>> "gc_collectors" : [ "ParNew", "ConcurrentMarkSweep" ],
>>> "memory_pools" : [ "Code Cache", "Metaspace", "Compressed Class Space", "Par Eden Space", "Par Survivor Space", "CMS Old Gen" ],
>>> "using_compressed_ordinary_object_pointers" : "true"
>>> }
>>> }
>>> }
>>> }
>>>
>>>
>>>
>>> $ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
>>> {
>>> "cluster_name" : "dev-elasticsearch",
>>> "status" : "green",
>>> "timed_out" : false,
>>> "number_of_nodes" : 1,
>>> "number_of_data_nodes" : 1,
>>> "active_primary_shards" : 0,
>>> "active_shards" : 0,
>>> "relocating_shards" : 0,
>>> "initializing_shards" : 0,
>>> "unassigned_shards" : 0,
>>> "delayed_unassigned_shards" : 0,
>>> "number_of_pending_tasks" : 0,
>>> "number_of_in_flight_fetch" : 0,
>>> "task_max_waiting_in_queue_millis" : 0,
>>> "active_shards_percent_as_number" : 100.0
>>> }
>>>
>>>
>>>
>>> $ curl localhost:9200
>>> {
>>> "name" : "dev-applog01",
>>> "cluster_name" : "dev-elasticsearch",
>>> "version" : {
>>> "number" : "2.2.0",
>>> "build_hash" : "8ff36d139e16f8720f2947ef62c8167a888992fe",
>>> "build_timestamp" : "2016-01-27T13:32:39Z",
>>> "build_snapshot" : false,
>>> "lucene_version" : "5.4.1"
>>> },
>>> "tagline" : "You Know, for Search"
>>> }
>>>
>>>
>>>
>>>
>>> Syslog-ng seems to be unable to establish a connection. Running in the foreground I find:
>>>
>>>
>>>
>>>
>>> $ syslog-ng -dv -F
>>> [2016-03-03T18:18:32.583896] Systemd is detected as the running init system;
>>> [2016-03-03T18:18:32.584453] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1'
>>> [2016-03-03T18:18:32.584567] Global value changed; define='scl-root', value='/usr/share/syslog-ng/include/scl'
>>> [2016-03-03T18:18:32.584589] Global value changed; define='include-path', value='/etc/syslog-ng:/usr/share/syslog-ng/include'
>>> [2016-03-03T18:18:32.584747] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf'
>>> [2016-03-03T18:18:32.584754] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf'
>>> [2016-03-03T18:18:32.584758] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf'
>>> [2016-03-03T18:18:32.584761] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf'
>>> [2016-03-03T18:18:32.584765] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf'
>>> [2016-03-03T18:18:32.584769] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf'
>>> [2016-03-03T18:18:32.584772] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf'
>>> [2016-03-03T18:18:32.584776] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf'
>>> [2016-03-03T18:18:32.584779] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf'
>>> [2016-03-03T18:18:32.584782] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf'
>>> [2016-03-03T18:18:32.584786] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf'
>>> [2016-03-03T18:18:32.584790] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf'
>>> [2016-03-03T18:18:32.584799] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
>>> [2016-03-03T18:18:32.584864] Reading path for candidate modules; path='//usr/lib64/syslog-ng'
>>> [2016-03-03T18:18:32.584910] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='grok-parser.so', module='grok-parser'
>>> [2016-03-03T18:18:32.585383] Registering candidate plugin; module='grok-parser', context='parser', name='grok', preference='0'
>>> [2016-03-03T18:18:32.585442] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='tfgetent.so', module='tfgetent'
>>> [2016-03-03T18:18:32.585579] Registering candidate plugin; module='tfgetent', context='template-func', name='getent', preference='0'
>>> [2016-03-03T18:18:32.585600] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='dbparser.so', module='dbparser'
>>> [2016-03-03T18:18:32.585760] Registering candidate plugin; module='dbparser', context='parser', name='db-parser', preference='0'
>>> [2016-03-03T18:18:32.585783] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='graphite.so', module='graphite'
>>> [2016-03-03T18:18:32.585905] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output', preference='0'
>>> [2016-03-03T18:18:32.585925] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='basicfuncs-plus.so', module='basicfuncs-plus'
>>> [2016-03-03T18:18:32.586055] Registering candidate plugin; module='basicfuncs-plus', context='template-func', name='//', preference='0'
>>> [2016-03-03T18:18:32.586062] Registering candidate plugin; module='basicfuncs-plus', context='template-func', name='state', preference='0'
>>> [2016-03-03T18:18:32.586080] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='syslogformat.so', module='syslogformat'
>>> [2016-03-03T18:18:32.586235] Registering candidate plugin; module='syslogformat', context='format', name='syslog', preference='0'
>>> [2016-03-03T18:18:32.586247] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser', preference='0'
>>> [2016-03-03T18:18:32.586266] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='basicfuncs.so', module='basicfuncs'
>>> [2016-03-03T18:18:32.586405] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep', preference='0'
>>> [2016-03-03T18:18:32.586413] Registering candidate plugin; module='basicfuncs', context='template-func', name='if', preference='0'
>>> [2016-03-03T18:18:32.586417] Registering candidate plugin; module='basicfuncs', context='template-func', name='or', preference='0'
>>> [2016-03-03T18:18:32.586422] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo', preference='0'
>>> [2016-03-03T18:18:32.586427] Registering candidate plugin; module='basicfuncs', context='template-func', name='length', preference='0'
>>> [2016-03-03T18:18:32.586431] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr', preference='0'
>>> [2016-03-03T18:18:32.586436] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip', preference='0'
>>> [2016-03-03T18:18:32.586462] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize', preference='0'
>>> [2016-03-03T18:18:32.586467] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase', preference='0'
>>> [2016-03-03T18:18:32.586472] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase', preference='0'
>>> [2016-03-03T18:18:32.586476] Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter', preference='0'
>>> [2016-03-03T18:18:32.586481] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding', preference='0'
>>> [2016-03-03T18:18:32.586485] Registering candidate plugin; module='basicfuncs', context='template-func', name='+', preference='0'
>>> [2016-03-03T18:18:32.586489] Registering candidate plugin; module='basicfuncs', context='template-func', name='-', preference='0'
>>> [2016-03-03T18:18:32.586493] Registering candidate plugin; module='basicfuncs', context='template-func', name='*', preference='0'
>>> [2016-03-03T18:18:32.586498] Registering candidate plugin; module='basicfuncs', context='template-func', name='/', preference='0'
>>> [2016-03-03T18:18:32.586502] Registering candidate plugin; module='basicfuncs', context='template-func', name='%', preference='0'
>>> [2016-03-03T18:18:32.586506] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int', preference='0'
>>> [2016-03-03T18:18:32.586510] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line', preference='0'
>>> [2016-03-03T18:18:32.586515] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length', preference='0'
>>> [2016-03-03T18:18:32.586519] Registering candidate plugin; module='basicfuncs', context='template-func', name='env', preference='0'
>>> [2016-03-03T18:18:32.586523] Registering candidate plugin; module='basicfuncs', context='template-func', name='template', preference='0'
>>> [2016-03-03T18:18:32.586544] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afstomp.so', module='afstomp'
>>> [2016-03-03T18:18:32.586674] Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0'
>>> [2016-03-03T18:18:32.586695] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='monitor-source.so', module='monitor-source'
>>> [2016-03-03T18:18:32.586911] Registering candidate plugin; module='monitor-source', context='source', name='monitor', preference='0'
>>> [2016-03-03T18:18:32.586945] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afamqp.so', module='afamqp'
>>> [2016-03-03T18:18:32.587080] Registering candidate plugin; module='afamqp', context='destination', name='amqp', preference='0'
>>> [2016-03-03T18:18:32.587102] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='trigger-source.so', module='trigger-source'
>>> [2016-03-03T18:18:32.587228] Registering candidate plugin; module='trigger-source', context='source', name='trigger', preference='0'
>>> [2016-03-03T18:18:32.587249] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='lua.so', module='lua'
>>> [2016-03-03T18:18:32.587721] Registering candidate plugin; module='lua', context='destination', name='lua', preference='0'
>>> [2016-03-03T18:18:32.587763] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='confgen.so', module='confgen'
>>> [2016-03-03T18:18:32.587904] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='mod-java.so', module='mod-java'
>>> [2016-03-03T18:18:32.589487] Registering candidate plugin; module='mod-java', context='destination', name='java', preference='0'
>>> [2016-03-03T18:18:32.589637] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='system-source.so', module='system-source'
>>> [2016-03-03T18:18:32.589795] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='sdjournal.so', module='sdjournal'
>>> [2016-03-03T18:18:32.589931] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal', preference='0'
>>> [2016-03-03T18:18:32.589954] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afprog.so', module='afprog'
>>> [2016-03-03T18:18:32.590113] Registering candidate plugin; module='afprog', context='source', name='program', preference='0'
>>> [2016-03-03T18:18:32.590120] Registering candidate plugin; module='afprog', context='destination', name='program', preference='0'
>>> [2016-03-03T18:18:32.590139] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='kafka.so', module='kafka'
>>> [2016-03-03T18:18:32.590331] Registering candidate plugin; module='kafka', context='destination', name='kafka', preference='0'
>>> [2016-03-03T18:18:32.590366] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='pseudofile.so', module='pseudofile'
>>> [2016-03-03T18:18:32.590493] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile', preference='0'
>>> [2016-03-03T18:18:32.590514] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='linux-kmsg-format.so', module='linux-kmsg-format'
>>> [2016-03-03T18:18:32.590642] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg', preference='0'
>>> [2016-03-03T18:18:32.590661] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='affile.so', module='affile'
>>> [2016-03-03T18:18:32.590798] Registering candidate plugin; module='affile', context='source', name='file', preference='0'
>>> [2016-03-03T18:18:32.590807] Registering candidate plugin; module='affile', context='source', name='pipe', preference='0'
>>> [2016-03-03T18:18:32.590812] Registering candidate plugin; module='affile', context='destination', name='file', preference='0'
>>> [2016-03-03T18:18:32.590817] Registering candidate plugin; module='affile', context='destination', name='pipe', preference='0'
>>> [2016-03-03T18:18:32.590836] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket.so', module='afsocket'
>>> [2016-03-03T18:18:32.591123] Registering candidate plugin; module='afsocket', context='source', name='unix-stream', preference='100'
>>> [2016-03-03T18:18:32.591132] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream', preference='100'
>>> [2016-03-03T18:18:32.591137] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram', preference='100'
>>> [2016-03-03T18:18:32.591141] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram', preference='100'
>>> [2016-03-03T18:18:32.591146] Registering candidate plugin; module='afsocket', context='source', name='tcp', preference='100'
>>> [2016-03-03T18:18:32.591150] Registering candidate plugin; module='afsocket', context='destination', name='tcp', preference='100'
>>> [2016-03-03T18:18:32.591164] Registering candidate plugin; module='afsocket', context='source', name='tcp6', preference='100'
>>> [2016-03-03T18:18:32.591169] Registering candidate plugin; module='afsocket', context='destination', name='tcp6', preference='100'
>>> [2016-03-03T18:18:32.591173] Registering candidate plugin; module='afsocket', context='source', name='udp', preference='100'
>>> [2016-03-03T18:18:32.591178] Registering candidate plugin; module='afsocket', context='destination', name='udp', preference='100'
>>> [2016-03-03T18:18:32.591182] Registering candidate plugin; module='afsocket', context='source', name='udp6', preference='100'
>>> [2016-03-03T18:18:32.591187] Registering candidate plugin; module='afsocket', context='destination', name='udp6', preference='100'
>>> [2016-03-03T18:18:32.591191] Registering candidate plugin; module='afsocket', context='source', name='syslog', preference='100'
>>> [2016-03-03T18:18:32.591195] Registering candidate plugin; module='afsocket', context='destination', name='syslog', preference='100'
>>> [2016-03-03T18:18:32.591234] Registering candidate plugin; module='afsocket', context='source', name='network', preference='100'
>>> [2016-03-03T18:18:32.591240] Registering candidate plugin; module='afsocket', context='destination', name='network', preference='100'
>>> [2016-03-03T18:18:32.591244] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog', preference='100'
>>> [2016-03-03T18:18:32.591280] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='json-plugin.so', module='json-plugin'
>>> [2016-03-03T18:18:32.591464] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser', preference='0'
>>> [2016-03-03T18:18:32.591479] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json', preference='0'
>>> [2016-03-03T18:18:32.591516] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afuser.so', module='afuser'
>>> [2016-03-03T18:18:32.591703] Registering candidate plugin; module='afuser', context='destination', name='usertty', preference='0'
>>> [2016-03-03T18:18:32.591727] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='csvparser.so', module='csvparser'
>>> [2016-03-03T18:18:32.591846] Registering candidate plugin; module='csvparser', context='parser', name='csv-parser', preference='0'
>>> [2016-03-03T18:18:32.591867] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='rss.so', module='rss'
>>> [2016-03-03T18:18:32.592020] Registering candidate plugin; module='rss', context='destination', name='rss', preference='0'
>>> [2016-03-03T18:18:32.592050] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='date-parser.so', module='date-parser'
>>> [2016-03-03T18:18:32.592171] Registering candidate plugin; module='date-parser', context='parser', name='date-parser', preference='0'
>>> [2016-03-03T18:18:32.592193] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='kvformat.so', module='kvformat'
>>> [2016-03-03T18:18:32.592252] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser', preference='0'
>>> [2016-03-03T18:18:32.592259] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser', preference='0'
>>> [2016-03-03T18:18:32.592264] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf', preference='0'
>>> [2016-03-03T18:18:32.592283] Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='cryptofuncs.so', module='cryptofuncs'
>>> [2016-03-03T18:18:32.592399] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid', preference='0'
>>> [2016-03-03T18:18:32.592406] Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash', preference='0'
>>> [2016-03-03T18:18:32.592411] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1', preference='0'
>>> [2016-03-03T18:18:32.592416] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256', preference='0'
>>> [2016-03-03T18:18:32.592421] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512', preference='0'
>>> [2016-03-03T18:18:32.592425] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4', preference='0'
>>> [2016-03-03T18:18:32.592430] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5', preference='0'
>>> [2016-03-03T18:18:32.592692] Module loaded and initialized successfully; module='json-plugin'
>>> [2016-03-03T18:18:32.592840] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
>>> [2016-03-03T18:18:32.592875] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593010] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593027] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593090] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593105] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593179] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593194] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593269] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593293] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2'
>>> [2016-03-03T18:18:32.593351] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2'
>>> [2016-03-03T18:18:32.593365] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593429] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593460] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593527] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593541] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2'
>>> [2016-03-03T18:18:32.593611] Global value changed; define='balabit.credit-card-regexp', value='(?P<1>:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})'
>>> [2016-03-03T18:18:32.593650] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2'
>>> [2016-03-03T18:18:32.593676] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593715] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593728] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593952] Module loaded and initialized successfully; module='confgen'
>>> [2016-03-03T18:18:32.593965] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.593992] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.594201] Module loaded and initialized successfully; module='system-source'
>>> [2016-03-03T18:18:32.594216] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
>>> [2016-03-03T18:18:32.594234] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
>>> [2016-03-03T18:18:32.595508] Module loaded and initialized successfully; module='mod-java'
>>> [2016-03-03T18:18:32.596214] Module loaded and initialized successfully; module='sdjournal'
>>> [2016-03-03T18:18:32.596321] Finishing include; content='source confgen system', depth='1'
>>> [2016-03-03T18:18:32.596649] Module loaded and initialized successfully; module='afsocket'
>>> [2016-03-03T18:18:32.596952] Module loaded and initialized successfully; module='affile'
>>> [2016-03-03T18:18:32.597231] Finishing include; content='destination block elasticsearch', depth='1'
>>> [2016-03-03T18:18:32.597670] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:105:5]
>>> [2016-03-03T18:18:32.597677] Compiling s_all reference [source] at [/etc/syslog-ng/syslog-ng.conf:105:5]
>>> [2016-03-03T18:18:32.597681] Compiling s_all sequence [source] at [/etc/syslog-ng/syslog-ng.conf:46:1]
>>> [2016-03-03T18:18:32.597685] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:46:15]
>>> [2016-03-03T18:18:32.597688] Compiling #unnamed sequence [log] at [source confgen system:2:5]
>>> [2016-03-03T18:18:32.597691] Compiling #unnamed sequence [source] at [source confgen system:2:5]
>>> [2016-03-03T18:18:32.597694] Compiling #unnamed junction [log] at [source confgen system:2:13]
>>> [2016-03-03T18:18:32.597698] Compiling #unnamed single [log] at [source confgen system:3:1]
>>> [2016-03-03T18:18:32.597703] Compiling #unnamed junction [log] at [source confgen system:6:1]
>>> [2016-03-03T18:18:32.597706] Compiling #unnamed sequence [log] at [source confgen system:6:10]
>>> [2016-03-03T18:18:32.597709] Compiling #unnamed junction [log] at [source confgen system:7:3]
>>> [2016-03-03T18:18:32.597712] Compiling #unnamed sequence [log] at [source confgen system:8:5]
>>> [2016-03-03T18:18:32.597715] Compiling #unnamed sequence [parser] at [source confgen system:8:5]
>>> [2016-03-03T18:18:32.597718] Compiling #unnamed single [log] at [source confgen system:9:7]
>>> [2016-03-03T18:18:32.597723] Compiling #unnamed sequence [log] at [source confgen system:13:12]
>>> [2016-03-03T18:18:32.597727] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:48:5]
>>> [2016-03-03T18:18:32.597730] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:50:5]
>>> [2016-03-03T18:18:32.597733] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:51:5]
>>> [2016-03-03T18:18:32.597738] Compiling d_all reference [destination] at [/etc/syslog-ng/syslog-ng.conf:106:5]
>>> [2016-03-03T18:18:32.597741] Compiling d_all sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:55:1]
>>> [2016-03-03T18:18:32.597745] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:55:20]
>>> [2016-03-03T18:18:32.597748] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:56:5]
>>> [2016-03-03T18:18:32.597752] Compiling d_elasticsearch reference [destination] at [/etc/syslog-ng/syslog-ng.conf:108:5]
>>> [2016-03-03T18:18:32.597755] Compiling d_elasticsearch sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:68:1]
>>> [2016-03-03T18:18:32.597758] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:68:30]
>>> [2016-03-03T18:18:32.597761] Compiling #unnamed single [log] at [#buffer:2:3]
>>> [2016-03-03T18:18:32.597910] Seeking the journal to the last cursor position; cursor='s=72b441ec79314a56be3b86ef506fc109;i=3cfd;b=f0354cb6895a47b08113b3c5bd948cde;m=2ca3301178;t=52d2c4c757947;x=1ea7735e89f7c905'
>>> [2016-03-03T18:18:32.598177] Module loaded and initialized successfully; module='syslogformat'
>>> [2016-03-03T18:18:32.598539] WARNING: window sizing for tcp sources were changed in syslog-ng 3.3, the configuration value was divided by the value of max-connections(). The result was too small, clamping to 100 entries. Ensure you have a proper log_fifo_size setting to avoid message loss.; orig_log_iw_size='0', new_log_iw_size='100', min_log_fifo_size='102400'
>>> [2016-03-03T18:18:32.690908] Add path to classpath: //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
>>> [2016-03-03T18:18:32.691290] Add path to classpath: /usr/lib64/syslog-ng/java-modules/elastic.jar;
>>> [2016-03-03T18:18:32.691391] Add path to classpath: /usr/lib64/syslog-ng/java-modules/hdfs.jar;
>>> [2016-03-03T18:18:32.691478] Add path to classpath: /usr/lib64/syslog-ng/java-modules/java-modules.jar;
>>> [2016-03-03T18:18:32.691583] Add path to classpath: /usr/lib64/syslog-ng/java-modules/kafka.jar;
>>> [2016-03-03T18:18:32.691688] Add path to classpath: /usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
>>> [2016-03-03T18:18:32.691793] Add path to classpath: /usr/lib64/syslog-ng/java-modules/log4j-1.2.16.jar;
>>> [2016-03-03T18:18:32.691883] Add path to classpath: /usr/lib64/syslog-ng/java-modules/dummy.jar;
>>> [2016-03-03T18:18:32.691985] Add path to classpath: /usr/lib64/syslog-ng/java-modules/syslog-ng-common.jar;
>>> [2016-03-03T18:18:32.692070] Add path to classpath: /usr/lib64/syslog-ng/java-modules/http.jar;
>>> [2016-03-03T18:18:32.692142] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hsqldb-1.8.0.10.jar;
>>> [2016-03-03T18:18:32.692234] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/netty-3.7.0.Final.jar;
>>> [2016-03-03T18:18:32.692652] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-memory-4.10.4.jar;
>>> [2016-03-03T18:18:32.692785] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/elasticsearch-1.6.0.jar;
>>> [2016-03-03T18:18:32.692899] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/oro-2.0.8.jar;
>>> [2016-03-03T18:18:32.692990] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/kafka-clients-0.8.2.1.jar;
>>> [2016-03-03T18:18:32.693074] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/zkclient-0.3.jar;
>>> [2016-03-03T18:18:32.693164] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-cli-1.2.jar;
>>> [2016-03-03T18:18:32.693259] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-el-1.0.jar;
>>> [2016-03-03T18:18:32.693350] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-api-1.7.10.jar;
>>> [2016-03-03T18:18:32.693432] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/asm-4.1.jar;
>>> [2016-03-03T18:18:32.693516] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jasper-compiler-5.5.12.jar;
>>> [2016-03-03T18:18:32.693604] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-grouping-4.10.4.jar;
>>> [2016-03-03T18:18:32.693692] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lz4-1.2.0.jar;
>>> [2016-03-03T18:18:32.693773] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xml-apis-1.3.04.jar;
>>> [2016-03-03T18:18:32.693850] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xercesImpl-2.9.1.jar;
>>> [2016-03-03T18:18:32.693947] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/httpcore-4.2.4.jar;
>>> [2016-03-03T18:18:32.694038] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xz-1.0.jar;
>>> [2016-03-03T18:18:32.694118] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-core-4.10.4.jar;
>>> [2016-03-03T18:18:32.694246] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-queryparser-4.10.4.jar;
>>> [2016-03-03T18:18:32.694333] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-annotations-2.7.1.jar;
>>> [2016-03-03T18:18:32.694420] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-math-2.1.jar;
>>> [2016-03-03T18:18:32.694516] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/netty-all-4.0.23.Final.jar;
>>> [2016-03-03T18:18:32.694613] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jets3t-0.9.0.jar;
>>> [2016-03-03T18:18:32.694705] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/junit-4.12.jar;
>>> [2016-03-03T18:18:32.694807] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/protobuf-java-2.5.0.jar;
>>> [2016-03-03T18:18:32.694893] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/gson-2.2.4.jar;
>>> [2016-03-03T18:18:32.694987] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsp-2.1-6.1.14.jar;
>>> [2016-03-03T18:18:32.695078] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jetty-6.1.26.jar;
>>> [2016-03-03T18:18:32.695157] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-core-asl-1.9.13.jar;
>>> [2016-03-03T18:18:32.695248] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/avro-1.7.4.jar;
>>> [2016-03-03T18:18:32.695324] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jasper-runtime-5.5.12.jar;
>>> [2016-03-03T18:18:32.695412] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jersey-json-1.9.jar;
>>> [2016-03-03T18:18:32.695499] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-misc-4.10.4.jar;
>>> [2016-03-03T18:18:32.695598] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-auth-2.7.1.jar;
>>> [2016-03-03T18:18:32.695686] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/snakeyaml-1.12.jar;
>>> [2016-03-03T18:18:32.695774] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsp-api-2.1.jar;
>>> [2016-03-03T18:18:32.695859] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/stax-api-1.0.1.jar;
>>> [2016-03-03T18:18:32.695936] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jaxb-impl-2.2.3-1.jar;
>>> [2016-03-03T18:18:32.696041] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/servlet-api-2.5-20081211.jar;
>>> [2016-03-03T18:18:32.696137] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-math3-3.1.1.jar;
>>> [2016-03-03T18:18:32.696229] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-api-1.7.6.jar;
>>> [2016-03-03T18:18:32.696321] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jersey-core-1.9.jar;
>>> [2016-03-03T18:18:32.696401] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/curator-framework-2.7.1.jar;
>>> [2016-03-03T18:18:32.696487] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-sandbox-4.10.4.jar;
>>> [2016-03-03T18:18:32.696566] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsch-0.1.42.jar;
>>> [2016-03-03T18:18:32.696646] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/syslog-ng-core.jar;
>>> [2016-03-03T18:18:32.696727] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/log4j-1.2.16.jar;
>>> [2016-03-03T18:18:32.696809] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-suggest-4.10.4.jar;
>>> [2016-03-03T18:18:32.696894] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/xmlenc-0.52.jar;
>>> [2016-03-03T18:18:32.697000] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-common-2.7.1.jar;
>>> [2016-03-03T18:18:32.697095] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/curator-client-2.7.1.jar;
>>> [2016-03-03T18:18:32.701317] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/apacheds-i18n-2.0.0-M15.jar;
>>> [2016-03-03T18:18:32.701462] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/asm-3.1.jar;
>>> [2016-03-03T18:18:32.701548] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/htrace-core-3.1.0-incubating.jar;
>>> [2016-03-03T18:18:32.701689] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-queries-4.10.4.jar;
>>> [2016-03-03T18:18:32.701773] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hadoop-hdfs-2.7.1.jar;
>>> [2016-03-03T18:18:32.701853] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jersey-server-1.9.jar;
>>> [2016-03-03T18:18:32.701930] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsr305-3.0.0.jar;
>>> [2016-03-03T18:18:32.702013] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jettison-1.1.jar;
>>> [2016-03-03T18:18:32.702090] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/ant-1.6.5.jar;
>>> [2016-03-03T18:18:32.702177] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-log4j12-1.7.10.jar;
>>> [2016-03-03T18:18:32.702259] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-io-2.4.jar;
>>> [2016-03-03T18:18:32.702331] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-digester-1.8.jar;
>>> [2016-03-03T18:18:32.702403] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-mapper-asl-1.9.13.jar;
>>> [2016-03-03T18:18:32.702480] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jline-0.9.94.jar;
>>> [2016-03-03T18:18:32.702552] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/apacheds-kerberos-codec-2.0.0-M15.jar;
>>> [2016-03-03T18:18:32.702639] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/asm-commons-4.1.jar;
>>> [2016-03-03T18:18:32.702715] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/spatial4j-0.4.1.jar;
>>> [2016-03-03T18:18:32.702794] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/servlet-api-2.5-6.1.14.jar;
>>> [2016-03-03T18:18:32.702869] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-analyzers-common-4.10.4.jar;
>>> [2016-03-03T18:18:32.702981] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-httpclient-3.1.jar;
>>> [2016-03-03T18:18:32.703094] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-daemon-1.0.13.jar;
>>> [2016-03-03T18:18:32.703176] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/paranamer-2.3.jar;
>>> [2016-03-03T18:18:32.703255] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/java-xmlbuilder-0.4.jar;
>>> [2016-03-03T18:18:32.703351] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-jaxrs-1.8.3.jar;
>>> [2016-03-03T18:18:32.703428] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/junit-3.8.1.jar;
>>> [2016-03-03T18:18:32.703498] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/log4j-1.2.17.jar;
>>> [2016-03-03T18:18:32.703569] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jsp-api-2.1-6.1.14.jar;
>>> [2016-03-03T18:18:32.703652] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/metrics-core-2.2.0.jar;
>>> [2016-03-03T18:18:32.703728] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/syslog-ng-common.jar;
>>> [2016-03-03T18:18:32.703805] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-join-4.10.4.jar;
>>> [2016-03-03T18:18:32.703876] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-spatial-4.10.4.jar;
>>> [2016-03-03T18:18:32.703951] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/antlr-runtime-3.5.jar;
>>> [2016-03-03T18:18:32.704034] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/scala-library-2.10.4.jar;
>>> [2016-03-03T18:18:32.704112] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/activation-1.1.jar;
>>> [2016-03-03T18:18:32.704189] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jopt-simple-3.2.jar;
>>> [2016-03-03T18:18:32.704278] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/lucene-highlighter-4.10.4.jar;
>>> [2016-03-03T18:18:32.704353] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-collections-3.2.1.jar;
>>> [2016-03-03T18:18:32.704426] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-logging-1.1.3.jar;
>>> [2016-03-03T18:18:32.704502] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/snappy-java-1.1.1.6.jar;
>>> [2016-03-03T18:18:32.704575] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/guava-16.0.1.jar;
>>> [2016-03-03T18:18:32.704656] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/leveldbjni-all-1.8.jar;
>>> [2016-03-03T18:18:32.704733] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/slf4j-log4j12-1.6.1.jar;
>>> [2016-03-03T18:18:32.704806] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-compress-1.4.1.jar;
>>> [2016-03-03T18:18:32.706495] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-beanutils-1.7.0.jar;
>>> [2016-03-03T18:18:32.706575] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/stax-api-1.0-2.jar;
>>> [2016-03-03T18:18:32.706643] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/kafka_2.10-0.8.2.1.jar;
>>> [2016-03-03T18:18:32.706719] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-codec-1.6.jar;
>>> [2016-03-03T18:18:32.706783] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/core-3.1.1.jar;
>>> [2016-03-03T18:18:32.706842] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/httpclient-4.2.5.jar;
>>> [2016-03-03T18:18:32.706906] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-configuration-1.6.jar;
>>> [2016-03-03T18:18:32.706987] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jetty-util-6.1.26.jar;
>>> [2016-03-03T18:18:32.707051] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/hamcrest-core-1.3.jar;
>>> [2016-03-03T18:18:32.707116] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/api-util-1.0.0-M20.jar;
>>> [2016-03-03T18:18:32.707177] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/api-asn1-api-1.0.0-M20.jar;
>>> [2016-03-03T18:18:32.707250] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/curator-recipes-2.7.1.jar;
>>> [2016-03-03T18:18:32.707330] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-net-3.1.jar;
>>> [2016-03-03T18:18:32.707393] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/servlet-api-2.5.jar;
>>> [2016-03-03T18:18:32.707453] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-lang-2.6.jar;
>>> [2016-03-03T18:18:32.707535] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jackson-xc-1.8.3.jar;
>>> [2016-03-03T18:18:32.707611] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/zookeeper-3.4.6.jar;
>>> [2016-03-03T18:18:32.707686] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/jaxb-api-2.2.2.jar;
>>> [2016-03-03T18:18:32.707751] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/snappy-java-1.0.4.1.jar;
>>> [2016-03-03T18:18:32.707813] Add path to classpath: /usr/lib/syslog-ng-java-module-dependency-jars/jars/commons-beanutils-core-1.8.0.jar;
>>> [2016-03-03T18:18:32.707897] Add path to classpath: /usr/share/elasticsearch/lib/lucene-sandbox-5.4.1.jar;
>>> [2016-03-03T18:18:32.707960] Add path to classpath: /usr/share/elasticsearch/lib/HdrHistogram-2.1.6.jar;
>>> [2016-03-03T18:18:32.708068] Add path to classpath: /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;
>>> [2016-03-03T18:18:32.708221] Add path to classpath: /usr/share/elasticsearch/lib/lucene-backward-codecs-5.4.1.jar;
>>> [2016-03-03T18:18:32.708311] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queries-5.4.1.jar;
>>> [2016-03-03T18:18:32.708402] Add path to classpath: /usr/share/elasticsearch/lib/hppc-0.7.1.jar;
>>> [2016-03-03T18:18:32.708489] Add path to classpath: /usr/share/elasticsearch/lib/lucene-highlighter-5.4.1.jar;
>>> [2016-03-03T18:18:32.708579] Add path to classpath: /usr/share/elasticsearch/lib/joda-time-2.8.2.jar;
>>> [2016-03-03T18:18:32.708666] Add path to classpath: /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;
>>> [2016-03-03T18:18:32.708753] Add path to classpath: /usr/share/elasticsearch/lib/lucene-join-5.4.1.jar;
>>> [2016-03-03T18:18:32.708814] Add path to classpath: /usr/share/elasticsearch/lib/lucene-grouping-5.4.1.jar;
>>> [2016-03-03T18:18:32.708870] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.6.2.jar;
>>> [2016-03-03T18:18:32.708929] Add path to classpath: /usr/share/elasticsearch/lib/lucene-core-5.4.1.jar;
>>> [2016-03-03T18:18:32.709024] Add path to classpath: /usr/share/elasticsearch/lib/apache-log4j-extras-1.2.17.jar;
>>> [2016-03-03T18:18:32.709102] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.6.2.jar;
>>> [2016-03-03T18:18:32.709166] Add path to classpath: /usr/share/elasticsearch/lib/lucene-analyzers-common-5.4.1.jar;
>>> [2016-03-03T18:18:32.709231] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-smile-2.6.2.jar;
>>> [2016-03-03T18:18:32.709289] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;
>>> [2016-03-03T18:18:32.709341] Add path to classpath: /usr/share/elasticsearch/lib/joda-convert-1.2.jar;
>>> [2016-03-03T18:18:32.709392] Add path to classpath: /usr/share/elasticsearch/lib/commons-cli-1.3.1.jar;
>>> [2016-03-03T18:18:32.709443] Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;
>>> [2016-03-03T18:18:32.709497] Add path to classpath: /usr/share/elasticsearch/lib/log4j-1.2.17.jar;
>>> [2016-03-03T18:18:32.709548] Add path to classpath: /usr/share/elasticsearch/lib/jackson-core-2.6.2.jar;
>>> [2016-03-03T18:18:32.709598] Add path to classpath: /usr/share/elasticsearch/lib/jsr166e-1.1.0.jar;
>>> [2016-03-03T18:18:32.709651] Add path to classpath: /usr/share/elasticsearch/lib/lucene-misc-5.4.1.jar;
>>> [2016-03-03T18:18:32.709703] Add path to classpath: /usr/share/elasticsearch/lib/lucene-memory-5.4.1.jar;
>>> [2016-03-03T18:18:32.709754] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial-5.4.1.jar;
>>> [2016-03-03T18:18:32.709808] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial3d-5.4.1.jar;
>>> [2016-03-03T18:18:32.709866] Add path to classpath: /usr/share/elasticsearch/lib/jna-4.1.0.jar;
>>> [2016-03-03T18:18:32.709917] Add path to classpath: /usr/share/elasticsearch/lib/guava-18.0.jar;
>>> [2016-03-03T18:18:32.709976] Add path to classpath: /usr/share/elasticsearch/lib/elasticsearch-2.2.0.jar;
>>> [2016-03-03T18:18:32.710030] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queryparser-5.4.1.jar;
>>> [2016-03-03T18:18:32.710084] Add path to classpath: /usr/share/elasticsearch/lib/lucene-suggest-5.4.1.jar;
>>> [2016-03-03T18:18:32.710135] Add path to classpath: /usr/share/elasticsearch/lib/jts-1.13.jar;
>>> [2016-03-03T18:18:32.710188] Add path to classpath: /usr/share/elasticsearch/lib/compiler-0.8.13.jar;
>>> [2016-03-03T18:18:32.710239] Add path to classpath: /usr/share/elasticsearch/lib/securesm-1.0.jar;
>>> [2016-03-03T18:18:32.710652] Add path to classpath: /usr/share/elasticsearch/lib/compress-lzf-1.0.2.jar;
>>> [2016-03-03T18:18:32.815477] Add path to classpath: //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
>>> [2016-03-03T18:18:32.995605] [Collector] version[1.6.0], pid[26563], build[cdd3ac4/2015-06-09T13:36:34Z];
>>> [2016-03-03T18:18:32.995656] [Collector] initializing ...;
>>> [2016-03-03T18:18:32.995762] [Collector] using home [/home/dev.local/devadmin_rblanchard], config [/home/dev.local/devadmin_rblanchard/config], data [[/home/dev.local/devadmin_rblanchard/data]], logs [/home/dev.local/devadmin_rblanchard/logs], work [/home/dev.local/devadmin_rblanchard/work], plugins [/home/dev.local/devadmin_rblanchard/plugins];
>>> [2016-03-03T18:18:33.001377] [Collector] [/home/dev.local/devadmin_rblanchard/plugins] directory does not exist.;
>>> [2016-03-03T18:18:33.002901] [Collector] [/home/dev.local/devadmin_rblanchard/plugins] directory does not exist.;
>>> [2016-03-03T18:18:33.003036] [Collector] loaded [], sites [];
>>> [2016-03-03T18:18:33.043579] using encoder [VanillaChunkDecoder] and decoder[{}] ;
>>> [2016-03-03T18:18:33.060562] [Collector] creating thread_pool [generic], type [cached], keep_alive [30s];
>>> [2016-03-03T18:18:33.071549] [Collector] creating thread_pool [index], type [fixed], size [2], queue_size [200];
>>> [2016-03-03T18:18:33.073694] [Collector] creating thread_pool [bulk], type [fixed], size [2], queue_size [50];
>>> [2016-03-03T18:18:33.073796] [Collector] creating thread_pool [get], type [fixed], size [2], queue_size [1k];
>>> [2016-03-03T18:18:33.073894] [Collector] creating thread_pool [search], type [fixed], size [4], queue_size [1k];
>>> [2016-03-03T18:18:33.074009] [Collector] creating thread_pool [suggest], type [fixed], size [2], queue_size [1k];
>>> [2016-03-03T18:18:33.074088] [Collector] creating thread_pool [percolate], type [fixed], size [2], queue_size [1k];
>>> [2016-03-03T18:18:33.074182] [Collector] creating thread_pool [management], type [scaling], min [1], size [5], keep_alive [5m];
>>> [2016-03-03T18:18:33.074874] [Collector] creating thread_pool [listener], type [fixed], size [1], queue_size [null];
>>> [2016-03-03T18:18:33.074949] [Collector] creating thread_pool [flush], type [scaling], min [1], size [1], keep_alive [5m];
>>> [2016-03-03T18:18:33.075029] [Collector] creating thread_pool [merge], type [scaling], min [1], size [1], keep_alive [5m];
>>> [2016-03-03T18:18:33.075103] [Collector] creating thread_pool [refresh], type [scaling], min [1], size [1], keep_alive [5m];
>>> [2016-03-03T18:18:33.075172] [Collector] creating thread_pool [warmer], type [scaling], min [1], size [1], keep_alive [5m];
>>> [2016-03-03T18:18:33.075259] [Collector] creating thread_pool [snapshot], type [scaling], min [1], size [1], keep_alive [5m];
>>> [2016-03-03T18:18:33.075324] [Collector] creating thread_pool [optimize], type [fixed], size [1], queue_size [null];
>>> [2016-03-03T18:18:33.075394] [Collector] creating thread_pool [fetch_shard_started], type [scaling], min [1], size [4], keep_alive [5m];
>>> [2016-03-03T18:18:33.075476] [Collector] creating thread_pool [fetch_shard_store], type [scaling], min [1], size [4], keep_alive [5m];
>>> [2016-03-03T18:18:33.274792] [Collector] failed to load groovy;
>>> [2016-03-03T18:18:33.275906] [Collector] failed to load lucene expressions;
>>> [2016-03-03T18:18:34.190001] [Collector] enabled [true], last_gc_enabled [false], interval [1s], gc_threshold [{default=GcThreshold{name='default', warnThreshold=10000, infoThreshold=5000, debugThreshold=2000}, young=GcThreshold{name='young', warnThreshold=1000, infoThreshold=700, debugThreshold=400}, old=GcThreshold{name='old', warnThreshold=10000, infoThreshold=5000, debugThreshold=2000}}];
>>> [2016-03-03T18:18:34.191027] [Collector] Using probe [org.elasticsearch.monitor.os.JmxOsProbe at 26ae880a] with refresh_interval [1s];
>>> [2016-03-03T18:18:34.194928] [Collector] Using probe [org.elasticsearch.monitor.process.JmxProcessProbe at 185f7840] with refresh_interval [1s];
>>> [2016-03-03T18:18:34.199815] [Collector] Using refresh_interval [1s];
>>> [2016-03-03T18:18:34.200034] [Collector] Using probe [org.elasticsearch.monitor.network.JmxNetworkProbe at 5bdd5689] with refresh_interval [5s];
>>> [2016-03-03T18:18:34.201619] [Collector] net_info
>>> host [dev-applog01]
>>> eth91 display_name [eth91]
>>> address [/172.16.100.137]
>>> mtu [1500] multicast [true] ptp [false] loopback [false] up [true] virtual [false]
>>> lo display_name [lo]
>>> address [/127.0.0.1]
>>> mtu [65536] multicast [false] ptp [false] loopback [true] up [true] virtual [false]
>>> ;
>>> [2016-03-03T18:18:34.202074] [Collector] Using probe [org.elasticsearch.monitor.fs.JmxFsProbe at 4c03a37] with refresh_interval [1s];
>>> [2016-03-03T18:18:34.205731] using gathering [true];
>>> [2016-03-03T18:18:34.231260] [Collector] using minimum_master_nodes [-1];
>>> [2016-03-03T18:18:34.232708] [Collector] using group [224.2.2.4], with port [54328], ttl [3], and address [null];
>>> [2016-03-03T18:18:34.236211] [Collector] using initial hosts [], with concurrent_connects [10];
>>> [2016-03-03T18:18:34.237273] [Collector] using ping.timeout [3s], join.timeout [1m], master_election.filter_client [true], master_election.filter_data [false];
>>> [2016-03-03T18:18:34.238426] [Collector] [master] uses ping_interval [1s], ping_timeout [30s], ping_retries [3];
>>> [2016-03-03T18:18:34.240570] [Collector] [node ] uses ping_interval [1s], ping_timeout [30s], ping_retries [3];
>>> [2016-03-03T18:18:34.541911] [Collector] using script cache with max_size [100], expire [null];
>>> [2016-03-03T18:18:34.548568] [Collector] using node_concurrent_recoveries [2], node_initial_primaries_recoveries [4];
>>> [2016-03-03T18:18:34.549223] [Collector] using [cluster.routing.allocation.allow_rebalance] with [indices_all_active];
>>> [2016-03-03T18:18:34.549680] [Collector] using [cluster_concurrent_rebalance] with [2];
>>> [2016-03-03T18:18:34.551350] [Collector] using max_bytes_per_sec[40mb], concurrent_streams [3], file_chunk_size [512kb], translog_size [512kb], translog_ops [1000], and compress [true];
>>> [2016-03-03T18:18:34.580063] [Collector] using initial_shards [quorum];
>>> [2016-03-03T18:18:34.684545] [Collector] using max_chunk_size[8kb], max_header_size[8kb], max_initial_line_length[4kb], max_content_length[100mb], receive_predictor[512kb->512kb], pipelining[true], pipelining_max_events[10000];
>>> [2016-03-03T18:18:34.700545] [Collector] using indices.store.throttle.type [MERGE], with index.store.throttle.max_bytes_per_sec [20mb];
>>> [2016-03-03T18:18:34.701314] [Collector] using index_buffer_size [354mb], with min_shard_index_buffer_size [4mb], max_shard_index_buffer_size [512mb], shard_inactive_time [5m];
>>> [2016-03-03T18:18:34.702141] [Collector] using [node] weighted filter cache with size [10%], actual_size [354mb], expire [null], clean_interval [1m];
>>> [2016-03-03T18:18:34.703351] [Collector] using size [-1] [-1b], expire [null];
>>> [2016-03-03T18:18:34.730215] [Collector] using gateway.local.auto_import_dangled [YES], gateway.local.delete_timeout [30s], with gateway.local.dangling_timeout [2h];
>>> [2016-03-03T18:18:34.731851] [Collector] using enabled [false], host [null], port [9700-9800], bulk_actions [1000], bulk_size [5mb], flush_interval [5s], concurrent_requests [4];
>>> [2016-03-03T18:18:34.738136] [Collector] initialized;
>>> [2016-03-03T18:18:34.738200] [Collector] starting ...;
>>> [2016-03-03T18:18:34.754072] Using select timeout of 500;
>>> [2016-03-03T18:18:34.754121] Epoll-bug workaround enabled = false;
>>> [2016-03-03T18:18:34.775549] [Collector] using profile[default], worker_count[4], port[9300-9400], bind_host[null], publish_host[null], compress[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb];
>>> [2016-03-03T18:18:34.800996] [Collector] Bound profile [default] to address [/0.0.0.0:9301];
>>> [2016-03-03T18:18:34.803168] [Collector] bound_address {inet[/0.0.0.0:9301]}, publish_address {inet[/172.16.100.137:9301]};
>>> [2016-03-03T18:18:34.820210] [Collector] dev-elasticsearch/ssVO8lJIT_OSDIr0Hw8vyA;
>>> [2016-03-03T18:18:34.820833] [Collector] processing [initial_join]: execute;
>>> [2016-03-03T18:18:34.821474] [Collector] processing [initial_join]: took 0s no change in cluster_state;
>>> [2016-03-03T18:18:38.584284] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
>>> [2016-03-03T18:18:39.820568] [Collector] waited for 5s and no initial state was set by the discovery;
>>> [2016-03-03T18:18:39.820773] [Collector] can't wait on start for (possibly) reading state from gateway, will do it asynchronously;
>>> [2016-03-03T18:18:39.827304] [Collector] bound_address {inet[/0.0.0.0:9201]}, publish_address {inet[/172.16.100.137:9201]};
>>> [2016-03-03T18:18:39.827533] [Collector] started;
>>> [2016-03-03T18:18:39.829568] Worker thread started; driver='d_elasticsearch#0'
>>> [2016-03-03T18:18:39.829805] connecting to cluster, cluster_name='dev-elasticsearch';
>>> [2016-03-03T18:18:39.829840] Running application hooks; hook='1'
>>> [2016-03-03T18:18:39.829849] Running application hooks; hook='3'
>>> [2016-03-03T18:18:39.829887] syslog-ng starting up; version='3.7.2'
>>> [2016-03-03T18:18:39.834090] [Collector] no known master node, scheduling a retry;
>>> [2016-03-03T18:18:42.335988] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
>>> [2016-03-03T18:18:44.841864] [Collector] observer: timeout notification from cluster service. timeout setting [5s], time since start [5s];
>>> [2016-03-03T18:18:44.843797] Failed to connect to dev-elasticsearch, reason='waited for [5s]';
>>> [2016-03-03T18:18:46.087601] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
>>> [2016-03-03T18:18:49.839455] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
>>> [2016-03-03T18:18:53.591086] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
>>> [2016-03-03T18:18:54.853069] connecting to cluster, cluster_name='dev-elasticsearch';
>>> [2016-03-03T18:18:54.853215] [Collector] no known master node, scheduling a retry;
>>> ^C[2016-03-03T18:18:55.760700] syslog-ng shutting down; version='3.7.2'
>>> [2016-03-03T18:18:57.343157] [Collector] filtered ping responses: (filter_client[true], filter_data[false]) {none};
>>> [2016-03-03T18:18:59.853603] [Collector] observer: timeout notification from cluster service. timeout setting [5s], time since start [5s];
>>> [2016-03-03T18:18:59.853990] Failed to connect to dev-elasticsearch, reason='waited for [5s]';
>>> [2016-03-03T18:18:59.854109] Worker thread finished; driver='d_elasticsearch#0'
>>> [2016-03-03T18:18:59.854295] Closing log transport fd; fd='12'
>>> [2016-03-03T18:18:59.854458] [Collector] stopping ...;
>>> [2016-03-03T18:18:59.862200] [Collector] stopped;
>>> [2016-03-03T18:18:59.862247] [Collector] closing ...;
>>> [2016-03-03T18:18:59.868335] [Collector] closed;
>>> [2016-03-03T18:18:59.868583] Java machine free;
>>> [2016-03-03T18:18:59.880134] Running application hooks; hook='4'
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> This then goes on ad-finitum.
>>>
>>>
>>> Any troubleshooting tips ?
>>>
>>>
>>> Thanks in advance
>>>
>>>
>>>
>>>
>>> --------------------------------------------------------------------------------------------------------------------------
>>> This email has been sent to you on behalf of Nephila Advisors LLC (“Advisors”). Advisors provides consultancy services to Nephila Capital Ltd. (“Capital”), an investment advisor managed and carrying on business in Bermuda. Advisors and its employees do not act as agents for Capital or the funds it advises and do not have the authority to bind Capital or such funds to any transaction or agreement.
>>>
>>> The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. Any use, disclosure, reproduction, modification or distribution of the contents of this e-mail, or any part thereof, other than by the intended recipient, is strictly prohibited. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. This email is for information purposes only, nothing contained herein constitutes an offer to sell or buy securities, as such an offer may only be made from a properly authorized offering document. Although Nephila attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
>>> --------------------------------------------------------------------------------------------------------------------------
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
> --------------------------------------------------------------------------------------------------------------------------
> This email has been sent to you on behalf of Nephila Advisors LLC (“Advisors”). Advisors provides consultancy services to Nephila Capital Ltd. (“Capital”), an investment advisor managed and carrying on business in Bermuda. Advisors and its employees do not act as agents for Capital or the funds it advises and do not have the authority to bind Capital or such funds to any transaction or agreement.
>
> The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. Any use, disclosure, reproduction, modification or distribution of the contents of this e-mail, or any part thereof, other than by the intended recipient, is strictly prohibited. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. This email is for information purposes only, nothing contained herein constitutes an offer to sell or buy securities, as such an offer may only be made from a properly authorized offering document. Although Nephila attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
> --------------------------------------------------------------------------------------------------------------------------
More information about the syslog-ng
mailing list