[syslog-ng] Installing Syslog-NG 3.7 on CentOS 7

Szalai, Attila Attila.Szalai at morganstanley.com
Thu May 12 12:36:29 CEST 2016


Hi,



It doesn’t need to be a listening socket. Every "type" of socket (listening, established and time_wait) also can occupy that port.



I suggest using the "netstat -antup | grep 6514" to check what other process uses that port.




From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Ivan Adji - Krstev
Sent: Thursday, May 12, 2016 11:26 AM
To: syslog-ng at lists.balabit.hu
Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7

So i have install EPEL and i have install syslog-ng and mongodb and when i start the syslog-ng service with syslog-ng -Fevd command i have the following error AGAIN :).

Im not sure what is it and how to prevent it and what to do. But i really need this to work :(.

[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
[2016-05-12T05:21:10.739973] Error initializing message pipeline;


[root at syslogserver loganalyzer]# netstat -tupl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:27017         0.0.0.0:*               LISTEN      1352/mongod
tcp        0      0 0.0.0.0:syslog-tls      0.0.0.0:*               LISTEN      11377/syslog-ng
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      8562/sshd
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      1778/master
tcp6       0      0 [::]:http               [::]:*                  LISTEN      11264/httpd
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      8562/sshd
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      1778/master
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                           638/dhclient
udp        0      0 0.0.0.0:60094           0.0.0.0:*                           638/dhclient
udp6       0      0 [::]:3126               [::]:*                              638/dhclient



[root at syslogserver loganalyzer]# lsof | grep LISTEN
mongod     1352        mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  1393  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2028  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2033  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2034  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2138  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2139  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2141  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2148  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2404  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2446  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2447  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2448  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2449  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2450  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352  2451  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
mongod     1352 11380  mongod    6u     IPv4              17057       0t0        TCP localhost:27017 (LISTEN)
master     1778          root   13u     IPv4              15893       0t0        TCP localhost:smtp (LISTEN)
master     1778          root   14u     IPv6              15894       0t0        TCP localhost:smtp (LISTEN)
sshd       8562          root    3u     IPv4              23963       0t0        TCP *:ssh (LISTEN)
sshd       8562          root    4u     IPv6              23965       0t0        TCP *:ssh (LISTEN)
httpd     11264          root    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11265        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11267        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11268        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11269        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11270        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11275        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11276        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11277        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
httpd     11278        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)
syslog-ng 11377          root   14u     IPv4              34906       0t0        TCP *:syslog-tls (LISTEN)
syslog-ng 11377 11378    root   14u     IPv4              34906       0t0        TCP *:syslog-tls (LISTEN)
syslog-ng 11377 11541    root   14u     IPv4              34906       0t0        TCP *:syslog-tls (LISTEN)
httpd     11384        apache    4u     IPv6              32697       0t0        TCP *:http (LISTEN)



and the source config is as follow:

source s_sys {
    system();
    unix-stream("/dev/log");
    internal();
    network(
    port(6514)
#       tcp(port(5140));
#    file("/proc/kmsg" log_prefix("kernel: "));
    transport("tls")
    tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
    cert_file("/etc/syslog-ng/cert.d/servercert.pem")
    ca_dir("/etc/syslog-ng/ca.d"))
    );
    };




destination d_mongodb {
    mongodb(
#    servers("localhost:27017")
#        database("syslog")
#    uri('mongodb://localhost/syslog-ng')
    collection("messages")
    value-pairs(
    scope("selected-macros" "nv-pairs" "sdata")
    )
    );
    };


Kind regards
Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:

Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,

as some of the dependencies are missing from the base distribution:

https://fedoraproject.org/wiki/EPEL



Bye,

Peter Czanik (CzP) <peter.czanik at balabit.com><mailto:peter.czanik at balabit.com>

Balabit / syslog-ng upstream

http://czanik.blogs.balabit.com/

https://twitter.com/PCzanik





On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev

<akivanradix at gmail.com><mailto:akivanradix at gmail.com> wrote:

Hi i note this error of mine but i try the other one:



https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo

And i have the similar errors when ever i try to install on new CentOS



The procedure im doing is: Fresh installation of CentOS

yum update

yum install httpd php vim wget

then install mongodb ( add repo )

then install syslog-ng ( add repo )



I'm using: CentOS Linux release 7.2.1511 (Core)

And im having the following repos:



[root at syslogserver ~]# yum repolist

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

 * base: mirror.switch.ch

 * extras: mirror.switch.ch

 * updates: mirror.switch.ch

repo id

repo name

status

base/7/x86_64

CentOS-7 - Base

9,007

czanik-syslog-ng37/x86_64

Copr repo for syslog-ng37 owned by czanik

59

extras/7/x86_64

CentOS-7 - Extras

266

mongodb-org-3.2/7

MongoDB Repository

35

updates/7/x86_64

CentOS-7 - Updates

1,437

repolist: 10,804





[root at syslogserver ~]# yum install syslog-ng

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

 * base: mirror.switch.ch

 * extras: mirror.switch.ch

 * updates: mirror.switch.ch

Resolving Dependencies

--> Running transaction check

---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed

--> Processing Dependency: ivykis >= 0.36.1 for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libevtlog.so.0()(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libivykis.so.0()(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libnet.so.1()(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Running transaction check

---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed

---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed

--> Processing Dependency: ivykis >= 0.36.1 for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libevtlog.so.0()(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Processing Dependency: libivykis.so.0()(64bit) for package:

syslog-ng-3.7.3-3.el7.centos.x86_64

--> Finished Dependency Resolution

Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)

           Requires: libivykis.so.0(IVYKIS_0.30)(64bit)

Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)

           Requires: libivykis.so.0()(64bit)

Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)

           Requires: ivykis >= 0.36.1

Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)

           Requires: libevtlog.so.0()(64bit)

Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)

           Requires: libivykis.so.0(IVYKIS_0.29)(64bit)

 You could try using --skip-broken to work around the problem

 You could try running: rpm -Va --nofiles --nodigest





Any idea ?





On 05/09/2016 04:09 PM, Czanik, Péter wrote:



Hi,



You should add the repository using the file:

https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo

to yum and not just download individual packages. You can use then

"yum install syslog-ng" which will also download all necessary

dependencies.



Bye,

Peter Czanik (CzP) <peter.czanik at balabit.com><mailto:peter.czanik at balabit.com>

Balabit / syslog-ng upstream

http://czanik.blogs.balabit.com/

https://twitter.com/PCzanik





On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev

<akivanradix at gmail.com><mailto:akivanradix at gmail.com> wrote:



I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7





I have problem when i try to install Syslog-NG 3.7 on CentOS 7.



The following errors i get:



--> Finished Dependency Resolution

Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)

           Requires: libevtlog.so.0()(64bit)

Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)

           Requires: libpcre.so.0()(64bit)

 You could try using --skip-broken to work around the problem

 You could try running: rpm -Va --nofiles --nodigest





Any hints on this ?



Kind regards

Ivan



______________________________________________________________________________

Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng

Documentation:

http://www.balabit.com/support/documentation/?product=syslog-ng

FAQ: http://www.balabit.com/wiki/syslog-ng-faq





______________________________________________________________________________

Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng

Documentation:

http://www.balabit.com/support/documentation/?product=syslog-ng

FAQ: http://www.balabit.com/wiki/syslog-ng-faq







______________________________________________________________________________

Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng

Documentation:

http://www.balabit.com/support/documentation/?product=syslog-ng

FAQ: http://www.balabit.com/wiki/syslog-ng-faq





______________________________________________________________________________

Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng

Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng

FAQ: http://www.balabit.com/wiki/syslog-ng-faq





________________________________

NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies; do not disclose, use or act upon the information; and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers If you cannot access these links, please notify us by reply message and we will send the contents to you. By messaging with Morgan Stanley you consent to the foregoing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160512/b8d43368/attachment-0001.htm 


More information about the syslog-ng mailing list