[syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
Várady, László
laszlo.varady at balabit.com
Thu May 12 14:03:01 CEST 2016
This output is all about the messages you received, so I think you have a
working configuration now.
--
László Várady
On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <akivanradix at gmail.com>
wrote:
> Sorry about the previous messages; I was testing, and so I have put the
> wrong path of the certificates. Here is the *syslog-ng -Fevd* output:
>
> [2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron',
> location='/etc/syslog-ng/syslog-ng.conf:60:18'
> [2016-05-12T13:48:13.274901] Filter node evaluation result;
> result='not-match', type='facility'
> [2016-05-12T13:48:13.274912] Filter rule evaluation result;
> result='not-match', rule='f_cron',
> location='/etc/syslog-ng/syslog-ng.conf:60:18'
> [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10
> syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for
> unix-process:3014:242607 (system bus name :1.74, object path
> /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
> (disconnected from bus)
> '
> [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11
> syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40
> [preauth]
> '
> [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10
> syslogserver.novalocal systemd[1]: Stopped System Logger Daemon.
> '
>
> Ivan
>
> On 05/12/2016 01:43 PM, Várady, László wrote:
>
> Hi,
>
> Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before
> running 'syslog-ng -Fevd' manually?
>
> --
> László Várady
>
> On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix at gmail.com>
> wrote:
>
>> OK, so I got syslog-ng running with the default configuration... this
>> has some problem with the TLS configuration.
>>
>> What I have done: I have done the certificate creation procedures
>> (self-signed certificate) on my laptop, following this article:
>> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html
>>
>> So I generated the server certificate on my laptop and the other
>> certificates for the clients. I copied them and put in the configuration.
>>
>> Is there any other configuration to put in syslog-ng.conf to try to get it
>> working with TLS?
>>
>> Kind regards
>>
>>
>>
>> On 05/12/2016 12:42 PM, jrhendri wrote:
>>
>> This has to be something very basic.
>> Have you tried checking if another syslog server is running?
>> ps -aef |grep syslog
>>
>> Assuming this shows nothing, try a very simple syslog-ng config file and
>> a manual start on the command line.
>>
>> Make sure you check all the things in your configuration that your copy
>> should open beforehand.
>>
>> This should narrow down the problem I hope :-)
>>
>> Jim
>>
>> -------- Original message --------
>> From: Ivan Adji - Krstev <akivanradix at gmail.com>
>> Date: 5/12/16 5:26 AM (GMT-05:00)
>> To: syslog-ng at lists.balabit.hu
>> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
>>
>> So I have installed EPEL, and I have installed syslog-ng and mongodb, and when
>> I start the syslog-ng service with the *syslog-ng -Fevd* command I have the
>> following error AGAIN :).
>>
>> I'm not sure what it is, how to prevent it, or what to do. But I really
>> need this to work :(.
>>
>> [2016-05-12T05:21:10.739940] Error binding socket;
>> addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>> [2016-05-12T05:21:10.739973] Error initializing message pipeline;
>>
>>
>> [root at syslogserver loganalyzer]# netstat -tupl
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address       Foreign Address  State   PID/Program name
>> tcp        0      0 localhost:27017     0.0.0.0:*        LISTEN  1352/mongod
>> tcp        0      0 0.0.0.0:syslog-tls  0.0.0.0:*        LISTEN  11377/syslog-ng
>> tcp        0      0 0.0.0.0:ssh         0.0.0.0:*        LISTEN  8562/sshd
>> tcp        0      0 localhost:smtp      0.0.0.0:*        LISTEN  1778/master
>> tcp6       0      0 [::]:http           [::]:*           LISTEN  11264/httpd
>> tcp6       0      0 [::]:ssh            [::]:*           LISTEN  8562/sshd
>> tcp6       0      0 localhost:smtp      [::]:*           LISTEN  1778/master
>> udp        0      0 0.0.0.0:bootpc      0.0.0.0:*                638/dhclient
>> udp        0      0 0.0.0.0:60094       0.0.0.0:*                638/dhclient
>> udp6       0      0 [::]:3126           [::]:*                   638/dhclient
>>
>>
>>
>> [root at syslogserver loganalyzer]# lsof | grep LISTEN
>> mongod     1352       mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  1393 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2028 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2033 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2034 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2138 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2139 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2141 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2148 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2404 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2446 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2447 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2448 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2449 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2450 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352  2451 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> mongod     1352 11380 mongod  6u  IPv4  17057  0t0  TCP localhost:27017 (LISTEN)
>> master     1778       root    13u IPv4  15893  0t0  TCP localhost:smtp (LISTEN)
>> master     1778       root    14u IPv6  15894  0t0  TCP localhost:smtp (LISTEN)
>> sshd       8562       root    3u  IPv4  23963  0t0  TCP *:ssh (LISTEN)
>> sshd       8562       root    4u  IPv6  23965  0t0  TCP *:ssh (LISTEN)
>> httpd     11264       root    4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11265       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11267       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11268       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11269       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11270       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11275       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11276       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11277       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> httpd     11278       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>> syslog-ng 11377       root    14u IPv4  34906  0t0  TCP *:syslog-tls (LISTEN)
>> syslog-ng 11377 11378 root    14u IPv4  34906  0t0  TCP *:syslog-tls (LISTEN)
>> syslog-ng 11377 11541 root    14u IPv4  34906  0t0  TCP *:syslog-tls (LISTEN)
>> httpd     11384       apache  4u  IPv6  32697  0t0  TCP *:http (LISTEN)
>>
>>
>>
>> and the source config is as follows:
>>
>> source s_sys {
>>     system();
>>     unix-stream("/dev/log");
>>     internal();
>>     network(
>>         port(6514)
>>         # tcp(port(5140));
>>         # file("/proc/kmsg" log_prefix("kernel: "));
>>         transport("tls")
>>         tls(
>>             key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>>             cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>>             ca_dir("/etc/syslog-ng/ca.d")
>>         )
>>     );
>> };
>>
>> destination d_mongodb {
>>     mongodb(
>>         # servers("localhost:27017")
>>         # database("syslog")
>>         # uri('mongodb://localhost/syslog-ng')
>>         collection("messages")
>>         value-pairs(
>>             scope("selected-macros" "nv-pairs" "sdata")
>>         )
>>     );
>> };
>>
>>
>> Kind regards
>> Ivan
>>
>> On 05/10/2016 01:35 PM, Czanik, Péter wrote:
>>
>> Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
>> as some of the dependencies are missing from the base distribution:
>> https://fedoraproject.org/wiki/EPEL
>>
>> Bye,
>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>> Balabit / syslog-ng upstream
>> http://czanik.blogs.balabit.com/
>> https://twitter.com/PCzanik
>>
>>
>> On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>>
>> Hi, I noted this error of mine, but I tried the other one:
>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>> And I have similar errors whenever I try to install on a new CentOS.
>>
>> The procedure I'm doing is: fresh installation of CentOS
>> yum update
>> yum install httpd php vim wget
>> then install mongodb (add repo)
>> then install syslog-ng (add repo)
>>
>> I'm using: CentOS Linux release 7.2.1511 (Core)
>> And I have the following repos:
>>
>> [root at syslogserver ~]# yum repolist
>> Loaded plugins: fastestmirror
>> Loading mirror speeds from cached hostfile
>> * base: mirror.switch.ch
>> * extras: mirror.switch.ch
>> * updates: mirror.switch.ch
>> repo id                    repo name                                  status
>> base/7/x86_64              CentOS-7 - Base                            9,007
>> czanik-syslog-ng37/x86_64  Copr repo for syslog-ng37 owned by czanik     59
>> extras/7/x86_64            CentOS-7 - Extras                            266
>> mongodb-org-3.2/7          MongoDB Repository                            35
>> updates/7/x86_64           CentOS-7 - Updates                         1,437
>> repolist: 10,804
>>
>>
>> [root at syslogserver ~]# yum install syslog-ng
>> Loaded plugins: fastestmirror
>> Loading mirror speeds from cached hostfile
>> * base: mirror.switch.ch
>> * extras: mirror.switch.ch
>> * updates: mirror.switch.ch
>> Resolving Dependencies
>> --> Running transaction check
>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>> --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Running transaction check
>> ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>> --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>> --> Finished Dependency Resolution
>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>            Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>            Requires: libivykis.so.0()(64bit)
>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>            Requires: ivykis >= 0.36.1
>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>            Requires: libevtlog.so.0()(64bit)
>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>            Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
>> You could try using --skip-broken to work around the problem
>> You could try running: rpm -Va --nofiles --nodigest
>>
>>
>> Any idea?
>>
>>
>> On 05/09/2016 04:09 PM, Czanik, Péter wrote:
>>
>> Hi,
>>
>> You should add the repository using the file:
>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>> to yum and not just download individual packages. You can then use
>> "yum install syslog-ng" which will also download all necessary
>> dependencies.
>>
>> Bye,
>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>> Balabit / syslog-ng upstream
>> http://czanik.blogs.balabit.com/
>> https://twitter.com/PCzanik
>>
>>
>> On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>>
>> I have the following errors when I try to install Syslog-NG 3.7 on CentOS 7
>>
>>
>> I have a problem when I try to install Syslog-NG 3.7 on CentOS 7.
>>
>> I get the following errors:
>>
>> --> Finished Dependency Resolution
>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>            Requires: libevtlog.so.0()(64bit)
>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>            Requires: libpcre.so.0()(64bit)
>> You could try using --skip-broken to work around the problem
>> You could try running: rpm -Va --nofiles --nodigest
>>
>>
>> Any hints on this?
>>
>> Kind regards
>> Ivan
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
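The bind error quoted above, where netstat shows syslog-ng (PID 11377) already listening on the port that the manual `syslog-ng -Fevd` run tries to bind, can be checked for before the foreground start. This is an added example, not code from the thread or from syslog-ng; the function names port_owner and preflight are hypothetical, and the sample listing is constructed in numeric `netstat -tlnp` format, modelled on the output quoted in the thread.

```shell
#!/bin/sh
# Pre-flight check for "Error binding socket ... Address already in use (98)"
# before running `syslog-ng -Fevd` by hand.

# Constructed sample in `netstat -tlnp` format (numeric ports), modelled on the
# listing quoted in the thread. It is not captured output.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:27017  0.0.0.0:*        LISTEN  1352/mongod
tcp        0      0 0.0.0.0:6514     0.0.0.0:*        LISTEN  11377/syslog-ng
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  8562/sshd
tcp6       0      0 :::80            :::*             LISTEN  11264/httpd'

# port_owner PORT
# Reads `netstat -tlnp` output on stdin and prints the "PID/Program" of the
# listener bound to PORT. Prints nothing if the port is free.
port_owner() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")      # port is the last ":"-separated piece
            if (a[n] == port) { print $7; exit }
        }'
}

# preflight PORT
# Reads the same listing on stdin and prints one of:
#   free                 nothing is bound, a manual start can bind the port
#   stop-service PID     syslog-ng itself holds the port (the daemon is running)
#   foreign PID/PROGRAM  another program holds the port
preflight() {
    owner=$(port_owner "$1")
    case "$owner" in
        "")          echo "free" ;;
        */syslog-ng) echo "stop-service ${owner%%/*}" ;;
        *)           echo "foreign $owner" ;;
    esac
}

# Demo on the constructed sample: the TLS syslog port from the thread.
printf '%s\n' "$SAMPLE_NETSTAT" | preflight 6514
```

On a live host, pipe `netstat -tlnp` (run as root so the PID column is filled in) into preflight instead of the sample. A stop-service result corresponds to the case in the thread: run `systemctl stop syslog-ng` before `syslog-ng -Fevd`.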