[syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
Várady, László
laszlo.varady at balabit.com
Thu May 12 13:43:00 CEST 2016
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running
'syslog-ng -Fevd' manually?
--
László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix at gmail.com>
wrote:
> OK so i get syslog-ng running with the default configuration.... this
> have some problem with the TLS configuration.
>
> What i have done i have create the certificate procedures ( self signed
> certificate ) on my laptop following this article:
> <https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html>
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html
>
> So i generate the server certificate on my laptop and the other
> certificates for the clients. I copy them and put the configuration.
>
> Any other configuration in syslog-ng.conf to put and try to working with
> TLS ?
>
> Kind regards
>
>
>
> On 05/12/2016 12:42 PM, jrhendri wrote:
>
> This has to be something very basic.
> Have you tried checking if another syslog server is running?
> ps -aef |grep syslog
>
> Assuming this shows nothing, try a very simple syslog-ng config file and a
> manual start on the command line.
>
> Make sure you check all the things in your configuration that your copy
> should open beforehand.
>
> This should narrow down the problem I hope :-)
>
> Jim
>
>
>
>
>
>
>
> Sent from my Verizon, Samsung Galaxy smartphone
>
> -------- Original message --------
> From: Ivan Adji - Krstev <akivanradix at gmail.com> <akivanradix at gmail.com>
> Date: 5/12/16 5:26 AM (GMT-05:00)
> To: syslog-ng at lists.balabit.hu
> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
>
> So i have install EPEL and i have install syslog-ng and mongodb and when i
> start the syslog-ng service with *syslog-ng -Fevd *command i have the
> following error AGAIN :).
>
> Im not sure what is it and how to prevent it and what to do. But i really
> need this to work :(.
>
> [2016-05-12T05:21:10.739940] Error binding socket;
> addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
> [2016-05-12T05:21:10.739973] Error initializing message pipeline;
>
>
> [root at syslogserver loganalyzer]# netstat -tupl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> tcp 0 0 localhost:27017 0.0.0.0:*
> LISTEN 1352/mongod
> tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:*
> LISTEN 11377/syslog-ng
> tcp 0 0 0.0.0.0:ssh 0.0.0.0:*
> LISTEN 8562/sshd
> tcp 0 0 localhost:smtp 0.0.0.0:*
> LISTEN 1778/master
> tcp6 0 0 [::]:http [::]:*
> LISTEN 11264/httpd
> tcp6 0 0 [::]:ssh [::]:*
> LISTEN 8562/sshd
> tcp6 0 0 localhost:smtp [::]:*
> LISTEN 1778/master
> udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
> 638/dhclient
> udp 0 0 0.0.0.0:60094 0.0.0.0:*
> 638/dhclient
> udp6 0 0 [::]:3126
> [::]:* 638/dhclient
>
>
>
> [root at syslogserver loganalyzer]# lsof | grep LISTEN
> mongod 1352 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 1393 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2028 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2033 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2034 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2138 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2139 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2141 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2148 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2404 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2446 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2447 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2448 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2449 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2450 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 2451 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> mongod 1352 11380 mongod 6u IPv4 17057
> 0t0 TCP localhost:27017 (LISTEN)
> master 1778 root 13u IPv4 15893
> 0t0 TCP localhost:smtp (LISTEN)
> master 1778 root 14u IPv6 15894
> 0t0 TCP localhost:smtp (LISTEN)
> sshd 8562 root 3u IPv4 23963
> 0t0 TCP *:ssh (LISTEN)
> sshd 8562 root 4u IPv6 23965
> 0t0 TCP *:ssh (LISTEN)
> httpd 11264 root 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11265 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11267 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11268 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11269 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11270 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11275 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11276 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11277 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> httpd 11278 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
> syslog-ng 11377 root 14u IPv4 34906
> 0t0 TCP *:syslog-tls (LISTEN)
> syslog-ng 11377 11378 root 14u IPv4 34906
> 0t0 TCP *:syslog-tls (LISTEN)
> syslog-ng 11377 11541 root 14u IPv4 34906
> 0t0 TCP *:syslog-tls (LISTEN)
> httpd 11384 apache 4u IPv6 32697
> 0t0 TCP *:http (LISTEN)
>
>
>
> and the source config is as follow:
>
> source s_sys {
> system();
> unix-stream("/dev/log");
> internal();
> network(
> port(6514)
> # tcp(port(5140));
> # file("/proc/kmsg" log_prefix("kernel: "));
> transport("tls")
> tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
> cert_file("/etc/syslog-ng/cert.d/servercert.pem")
> ca_dir("/etc/syslog-ng/ca.d"))
> );
> };
>
>
>
>
> destination d_mongodb {
> mongodb(
> # servers("localhost:27017")
> # database("syslog")
> # uri('mongodb://localhost/syslog-ng')
> collection("messages")
> value-pairs(
> scope("selected-macros" "nv-pairs" "sdata")
> )
> );
> };
>
>
> Kind regards
> Ivan
>
> On 05/10/2016 01:35 PM, Czanik, Péter wrote:
>
> Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
> as some of the dependencies are missing from the base distribution:https://fedoraproject.org/wiki/EPEL
>
> Bye,
> Peter Czanik (CzP) <peter.czanik at balabit.com> <peter.czanik at balabit.com>
> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
>
>
> On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev<akivanradix at gmail.com> <akivanradix at gmail.com> wrote:
>
> Hi i note this error of mine but i try the other one:
> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
> And i have the similar errors when ever i try to install on new CentOS
>
> The procedure im doing is: Fresh installation of CentOS
> yum update
> yum install httpd php vim wget
> then install mongodb ( add repo )
> then install syslog-ng ( add repo )
>
> I'm using: CentOS Linux release 7.2.1511 (Core)
> And im having the following repos:
>
> [root at syslogserver ~]# yum repolist
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> * base: mirror.switch.ch
> * extras: mirror.switch.ch
> * updates: mirror.switch.ch
> repo id
> repo name
> status
> base/7/x86_64
> CentOS-7 - Base
> 9,007
> czanik-syslog-ng37/x86_64
> Copr repo for syslog-ng37 owned by czanik
> 59
> extras/7/x86_64
> CentOS-7 - Extras
> 266
> mongodb-org-3.2/7
> MongoDB Repository
> 35
> updates/7/x86_64
> CentOS-7 - Updates
> 1,437
> repolist: 10,804
>
>
> [root at syslogserver ~]# yum install syslog-ng
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> * base: mirror.switch.ch
> * extras: mirror.switch.ch
> * updates: mirror.switch.ch
> Resolving Dependencies
> --> Running transaction check
> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
> --> Processing Dependency: ivykis >= 0.36.1 for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libevtlog.so.0()(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libivykis.so.0()(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libnet.so.1()(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Running transaction check
> ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
> --> Processing Dependency: ivykis >= 0.36.1 for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libevtlog.so.0()(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Processing Dependency: libivykis.so.0()(64bit) for package:
> syslog-ng-3.7.3-3.el7.centos.x86_64
> --> Finished Dependency Resolution
> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> Requires: libivykis.so.0()(64bit)
> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> Requires: ivykis >= 0.36.1
> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> Requires: libevtlog.so.0()(64bit)
> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
> You could try using --skip-broken to work around the problem
> You could try running: rpm -Va --nofiles --nodigest
>
>
> Any idea ?
>
>
> On 05/09/2016 04:09 PM, Czanik, Péter wrote:
>
> Hi,
>
> You should add the repository using the file:https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
> to yum and not just download individual packages. You can use then
> "yum install syslog-ng" which will also download all necessary
> dependencies.
>
> Bye,
> Peter Czanik (CzP) <peter.czanik at balabit.com> <peter.czanik at balabit.com>
> Balabit / syslog-ng upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
>
>
> On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev<akivanradix at gmail.com> <akivanradix at gmail.com> wrote:
>
> I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
>
>
> I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
>
> The following errors i get:
>
> --> Finished Dependency Resolution
> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
> Requires: libevtlog.so.0()(64bit)
> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
> Requires: libpcre.so.0()(64bit)
> You could try using --skip-broken to work around the problem
> You could try running: rpm -Va --nofiles --nodigest
>
>
> Any hints on this ?
>
> Kind regards
> Ivan
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160512/b67860a6/attachment-0001.htm
More information about the syslog-ng
mailing list