[syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
Ivan Adji - Krstev
akivanradix at gmail.com
Thu May 12 13:45:52 CEST 2016
Hi,
I have stoped now and here it is:
[root at syslogserver syslog-ng]# systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled;
vendor preset: enabled)
Active: inactive (dead) since Thu 2016-05-12 13:34:10 CEST; 10min ago
Docs: man:syslog-ng(8)
Process: 2692 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p
/var/run/syslogd.pid (code=exited, status=0/SUCCESS)
Main PID: 2692 (code=exited, status=0/SUCCESS)
Status: "Shutting down... (Thu May 12 13:34:10 2016"
May 12 13:34:01 syslogserver.novalocal systemd[1]: Starting System
Logger Daemon...
May 12 13:34:01 syslogserver.novalocal systemd[1]: Started System Logger
Daemon.
May 12 13:34:10 syslogserver.novalocal systemd[1]: Stopping System
Logger Daemon...
May 12 13:34:10 syslogserver.novalocal systemd[1]: Stopped System Logger
Daemon.
And *Syslog-ng -Fevd *gives me lot of output:
[2016-05-12T13:45:14.913916] Filter rule evaluation begins;
rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:45:14.913925] Filter node evaluation result;
result='not-match', type='facility'
[2016-05-12T13:45:14.913936] Filter rule evaluation result;
result='not-match', rule='f_cron',
location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:45:14.914140] Outgoing message; message='May 12 13:45:14
syslogserver.novalocal nm-dispatcher[2935]: Dispatching action
\'dhcp4-change\' for eth0
'
[2016-05-12T13:45:18.702887] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/serverkey.pem', error='No such
file or directory (2)'
[2016-05-12T13:45:18.702938] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/servercert.pem', error='No
such file or directory (2)'
[2016-05-12T13:45:18.703025] Error setting up TLS session context;
tls_error='SSL routines:SSL_CTX_check_private_key:no certificate assigned'
[2016-05-12T13:45:28.718534] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/serverkey.pem', error='No such
file or directory (2)'
[2016-05-12T13:45:28.718625] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/servercert.pem', error='No
such file or directory (2)'
[2016-05-12T13:45:28.718652] Error setting up TLS session context;
tls_error='SSL routines:SSL_CTX_check_private_key:no certificate assigned'
Kind regards
Ivan
On 05/12/2016 01:43 PM, Várady, László wrote:
> Hi,
>
> Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before
> running 'syslog-ng -Fevd' manually?
>
> --
> László Várady
>
> On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev
> <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>
> OK so i get syslog-ng running with the default configuration....
> this have some problem with the TLS configuration.
>
> What i have done i have create the certificate procedures ( self
> signed certificate ) on my laptop following this article:
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html
>
> So i generate the server certificate on my laptop and the other
> certificates for the clients. I copy them and put the configuration.
>
> Any other configuration in syslog-ng.conf to put and try to
> working with TLS ?
>
> Kind regards
>
>
>
> On 05/12/2016 12:42 PM, jrhendri wrote:
>> This has to be something very basic.
>> Have you tried checking if another syslog server is running?
>> ps -aef |grep syslog
>>
>> Assuming this shows nothing, try a very simple syslog-ng config
>> file and a manual start on the command line.
>>
>> Make sure you check all the things in your configuration that
>> your copy should open beforehand.
>>
>> This should narrow down the problem I hope :-)
>>
>> Jim
>>
>>
>>
>>
>>
>>
>>
>> Sent from my Verizon, Samsung Galaxy smartphone
>>
>> -------- Original message --------
>> From: Ivan Adji - Krstev <akivanradix at gmail.com>
>> <mailto:akivanradix at gmail.com>
>> Date: 5/12/16 5:26 AM (GMT-05:00)
>> To: syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu>
>> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
>>
>> So i have install EPEL and i have install syslog-ng and mongodb
>> and when i start the syslog-ng service with *syslog-ng -Fevd
>> *command i have the following error AGAIN :).
>>
>> Im not sure what is it and how to prevent it and what to do. But
>> i really need this to work :(.
>>
>> [2016-05-12T05:21:10.739940] Error binding socket;
>> addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>> [2016-05-12T05:21:10.739973] Error initializing message pipeline;
>>
>>
>> [root at syslogserver loganalyzer]# netstat -tupl
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address Foreign
>> Address State PID/Program name
>> tcp 0 0 localhost:27017
>> 0.0.0.0:* LISTEN 1352/mongod
>> tcp 0 0 0.0.0.0:syslog-tls
>> 0.0.0.0:* LISTEN 11377/syslog-ng
>> tcp 0 0 0.0.0.0:ssh
>> 0.0.0.0:* LISTEN 8562/sshd
>> tcp 0 0 localhost:smtp
>> 0.0.0.0:* LISTEN 1778/master
>> tcp6 0 0 [::]:http
>> [::]:* LISTEN 11264/httpd
>> tcp6 0 0 [::]:ssh
>> [::]:* LISTEN 8562/sshd
>> tcp6 0 0 localhost:smtp
>> [::]:* LISTEN 1778/master
>> udp 0 0 0.0.0.0:bootpc
>> 0.0.0.0:* 638/dhclient
>> udp 0 0 0.0.0.0:60094
>> <http://0.0.0.0:60094>
>> 0.0.0.0:* 638/dhclient
>> udp6 0 0 [::]:3126
>> [::]:* 638/dhclient
>>
>>
>>
>> [root at syslogserver loganalyzer]# lsof | grep LISTEN
>> mongod 1352 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 1393 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2028 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2033 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2034 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2138 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2139 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2141 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2148 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2404 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2446 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2447 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2448 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2449 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2450 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 2451 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> mongod 1352 11380 mongod 6u IPv4
>> 17057 0t0 TCP localhost:27017 (LISTEN)
>> master 1778 root 13u IPv4
>> 15893 0t0 TCP localhost:smtp (LISTEN)
>> master 1778 root 14u IPv6
>> 15894 0t0 TCP localhost:smtp (LISTEN)
>> sshd 8562 root 3u IPv4
>> 23963 0t0 TCP *:ssh (LISTEN)
>> sshd 8562 root 4u IPv6
>> 23965 0t0 TCP *:ssh (LISTEN)
>> httpd 11264 root 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11265 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11267 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11268 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11269 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11270 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11275 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11276 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11277 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> httpd 11278 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>> syslog-ng 11377 root 14u IPv4
>> 34906 0t0 TCP *:syslog-tls (LISTEN)
>> syslog-ng 11377 11378 root 14u IPv4
>> 34906 0t0 TCP *:syslog-tls (LISTEN)
>> syslog-ng 11377 11541 root 14u IPv4
>> 34906 0t0 TCP *:syslog-tls (LISTEN)
>> httpd 11384 apache 4u IPv6
>> 32697 0t0 TCP *:http (LISTEN)
>>
>>
>>
>> and the source config is as follow:
>>
>> source s_sys {
>> system();
>> unix-stream("/dev/log");
>> internal();
>> network(
>> port(6514)
>> # tcp(port(5140));
>> # file("/proc/kmsg" log_prefix("kernel: "));
>> transport("tls")
>> tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>> cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>> ca_dir("/etc/syslog-ng/ca.d"))
>> );
>> };
>>
>>
>>
>>
>> destination d_mongodb {
>> mongodb(
>> # servers("localhost:27017")
>> # database("syslog")
>> # uri('mongodb://localhost/syslog-ng')
>> collection("messages")
>> value-pairs(
>> scope("selected-macros" "nv-pairs" "sdata")
>> )
>> );
>> };
>>
>>
>> Kind regards
>> Ivan
>>
>> On 05/10/2016 01:35 PM, Czanik, Péter wrote:
>>> Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
>>> as some of the dependencies are missing from the base distribution:
>>> https://fedoraproject.org/wiki/EPEL
>>>
>>> Bye,
>>> Peter Czanik (CzP) <peter.czanik at balabit.com> <mailto:peter.czanik at balabit.com>
>>> Balabit / syslog-ng upstream
>>> http://czanik.blogs.balabit.com/
>>> https://twitter.com/PCzanik
>>>
>>>
>>> On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev
>>> <akivanradix at gmail.com> <mailto:akivanradix at gmail.com> wrote:
>>>> Hi i note this error of mine but i try the other one:
>>>>
>>>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>>> And i have the similar errors when ever i try to install on new CentOS
>>>>
>>>> The procedure im doing is: Fresh installation of CentOS
>>>> yum update
>>>> yum install httpd php vim wget
>>>> then install mongodb ( add repo )
>>>> then install syslog-ng ( add repo )
>>>>
>>>> I'm using: CentOS Linux release 7.2.1511 (Core)
>>>> And im having the following repos:
>>>>
>>>> [root at syslogserver ~]# yum repolist
>>>> Loaded plugins: fastestmirror
>>>> Loading mirror speeds from cached hostfile
>>>> * base: mirror.switch.ch <http://mirror.switch.ch>
>>>> * extras: mirror.switch.ch <http://mirror.switch.ch>
>>>> * updates: mirror.switch.ch <http://mirror.switch.ch>
>>>> repo id
>>>> repo name
>>>> status
>>>> base/7/x86_64
>>>> CentOS-7 - Base
>>>> 9,007
>>>> czanik-syslog-ng37/x86_64
>>>> Copr repo for syslog-ng37 owned by czanik
>>>> 59
>>>> extras/7/x86_64
>>>> CentOS-7 - Extras
>>>> 266
>>>> mongodb-org-3.2/7
>>>> MongoDB Repository
>>>> 35
>>>> updates/7/x86_64
>>>> CentOS-7 - Updates
>>>> 1,437
>>>> repolist: 10,804
>>>>
>>>>
>>>> [root at syslogserver ~]# yum install syslog-ng
>>>> Loaded plugins: fastestmirror
>>>> Loading mirror speeds from cached hostfile
>>>> * base: mirror.switch.ch <http://mirror.switch.ch>
>>>> * extras: mirror.switch.ch <http://mirror.switch.ch>
>>>> * updates: mirror.switch.ch <http://mirror.switch.ch>
>>>> Resolving Dependencies
>>>> --> Running transaction check
>>>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>>> --> Processing Dependency: ivykis >= 0.36.1 for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libevtlog.so.0()(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libivykis.so.0()(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libnet.so.1()(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Running transaction check
>>>> ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
>>>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>>> --> Processing Dependency: ivykis >= 0.36.1 for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libevtlog.so.0()(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Processing Dependency: libivykis.so.0()(64bit) for package:
>>>> syslog-ng-3.7.3-3.el7.centos.x86_64
>>>> --> Finished Dependency Resolution
>>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>> Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
>>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>> Requires: libivykis.so.0()(64bit)
>>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>> Requires: ivykis >= 0.36.1
>>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>> Requires: libevtlog.so.0()(64bit)
>>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>> Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
>>>> You could try using --skip-broken to work around the problem
>>>> You could try running: rpm -Va --nofiles --nodigest
>>>>
>>>>
>>>> Any idea ?
>>>>
>>>>
>>>> On 05/09/2016 04:09 PM, Czanik, Péter wrote:
>>>>
>>>> Hi,
>>>>
>>>> You should add the repository using the file:
>>>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>>> to yum and not just download individual packages. You can use then
>>>> "yum install syslog-ng" which will also download all necessary
>>>> dependencies.
>>>>
>>>> Bye,
>>>> Peter Czanik (CzP) <peter.czanik at balabit.com> <mailto:peter.czanik at balabit.com>
>>>> Balabit / syslog-ng upstream
>>>> http://czanik.blogs.balabit.com/
>>>> https://twitter.com/PCzanik
>>>>
>>>>
>>>> On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev
>>>> <akivanradix at gmail.com> <mailto:akivanradix at gmail.com> wrote:
>>>>
>>>> I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
>>>>
>>>>
>>>> I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
>>>>
>>>> The following errors i get:
>>>>
>>>> --> Finished Dependency Resolution
>>>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>>> Requires: libevtlog.so.0()(64bit)
>>>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>>> Requires: libpcre.so.0()(64bit)
>>>> You could try using --skip-broken to work around the problem
>>>> You could try running: rpm -Va --nofiles --nodigest
>>>>
>>>>
>>>> Any hints on this ?
>>>>
>>>> Kind regards
>>>> Ivan
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160512/7a90aca5/attachment-0001.htm
More information about the syslog-ng
mailing list