[syslog-ng] Web Visualize logs (Ivan Adji - Krstev)

Ivan Adji - Krstev akivanradix at gmail.com
Fri May 27 12:42:19 CEST 2016


Well, that one I fixed ... exported the new path of the libjvm.so file and
it works. But now I have another error :)

Error stating pattern database file, no automatic reload will be performed; error='No such file or directory'
.
.
Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;
[2016-05-27T06:38:30.933808] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;
[2016-05-27T06:38:31.287344] Add path to classpath: //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-05-27T06:38:31.333759] Error initializing message pipeline;

And I have no idea what this problem is, as I'm using ES for the first time.

This is what I have:

source s_sys {
        system();
        internal();
        network(ip(0.0.0.0) port(6514)
                flags(syslog-protocol)
                transport("tls")
                tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")
                    cert_file("/etc/syslog-ng/cert.d/servercert.pem")
                    ca_dir("/etc/syslog-ng/ca.d")
                ) );
};
parser pattern_db {
  db-parser(
    file("/etc/syslog-ng/patterndb.d/patterndb.xml")
  );
};
destination d_es {
  java(
    class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
    class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
    option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")
    option("type", "test")
    option("cluster", "czpcluster")
    option("flush_limit", "100")
    option("message_template", "$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
  );
};


Kind regards
Ivan

On 05/27/2016 12:22 PM, Czanik, Péter wrote:
> Hi,
>
> To enable Java support you need at least the "syslog-ng" and
> "syslog-ng-java" packages from that repository. Optionally you can
> also install the "syslog-ng-java-hack" package, which includes all the
> necessary JAR files, or you can also point your config to the JAR
> files of your Elasticsearch installation. Note that syslog-ng 3.7
> only supports Elasticsearch 1.X.
>
> You will also need to point syslog-ng to libjvm.so. There are multiple
> ways:
> https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/
> My personal preference is the ld.so.conf trick, but note that it has
> side effects if you have multiple Java versions on your system.
>
> Bye,
>
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> http://czanik.blogs.balabit.com/
> https://twitter.com/PCzanik
>
> On Fri, May 27, 2016 at 12:14 PM, Ivan Adji - Krstev
> <akivanradix at gmail.com> wrote:
>
>     So should I contact him directly or should I wait here to reply on
>     this list?
>
>     Ivan
>
>     On 05/27/2016 12:13 PM, Scheidler, Balázs wrote:
>>
>>     Hopefully Peter Czanik can help you then, as he prepared those
>>     packages.
>>
>>     On May 27, 2016 11:10 AM, "Ivan Adji - Krstev"
>>     <akivanradix at gmail.com> wrote:
>>
>>         Yes, I installed that too... still nothing.
>>
>>         Ivan
>>
>>         On 05/27/2016 12:09 PM, Fabien Wernli wrote:
>>>         On Fri, May 27, 2016 at 12:08:21PM +0200, Ivan Adji - Krstev wrote:
>>>>         Hi Bazsi,
>>>>         I get syslog from:
>>>>         "https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo"
>>>>         add the repo and then "yum install syslog-ng"
>>>>         After that I downloaded Elasticsearch and installed it, and that is it.
>>>>         I'm using CentOS 7.
>>>         you also want the package syslog-ng-java
>>>
>>>         ______________________________________________________________________________
>>>         Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>         Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>         FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>
>
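
The log in this message reports a pattern database file that cannot be found, and the quoted replies concern the JAR files and libjvm.so. As an added example that is not part of the original thread or of syslog-ng, the shell script below checks the paths a configuration refers to before a restart. The function names opt_values, preflight and have_libjvm are made up here, and the private-key permission check is an extra check not raised in the thread.

```shell
#!/bin/sh
# Added example (not syslog-ng code): pre-flight check of the files that a
# syslog-ng configuration refers to. Function names are hypothetical.

# Print the quoted argument of every OPTION("...") in CONF. syslog-ng treats
# "-" and "_" in keywords alike, so key_file also matches key-file.
opt_values() {  # usage: opt_values CONF OPTION
    pat=$(printf '%s' "$2" | sed 's/[_-]/[_-]/g')
    grep -oE "(^|[^[:alnum:]_-])${pat}[[:space:]]*\\([[:space:]]*\"[^\"]*\"" "$1" |
        sed 's/^[^"]*"//; s/"$//'
}

# Print one line per problem; exit status is 0 only if nothing was found.
# Paths containing whitespace are not handled.
preflight() {
    conf=$1; bad=0
    for opt in file key_file cert_file; do
        for p in $(opt_values "$conf" "$opt"); do
            [ -r "$p" ] || { echo "NOT READABLE $opt: $p"; bad=$((bad + 1)); }
        done
    done
    for p in $(opt_values "$conf" ca_dir); do
        [ -d "$p" ] || { echo "MISSING ca_dir: $p"; bad=$((bad + 1)); }
    done
    # The TLS private key should not be readable by group or others.
    for p in $(opt_values "$conf" key_file); do
        [ -z "$(find "$p" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ] ||
            { echo "LOOSE permissions on key_file: $p"; bad=$((bad + 1)); }
    done
    # The unquoted $(...) lets the shell expand each *.jar glob; a glob
    # that matches nothing stays literal and fails the -e test.
    for p in $(opt_values "$conf" class-path | tr ':' ' '); do
        [ -e "$p" ] || { echo "EMPTY class-path entry: $p"; bad=$((bad + 1)); }
    done
    [ "$bad" -eq 0 ]
}

# Succeed if libjvm.so is in one of the colon-separated directories in $1
# (default: $LD_LIBRARY_PATH) or in the ld.so cache.
have_libjvm() {
    for d in $(printf '%s' "${1-$LD_LIBRARY_PATH}" | tr ':' ' '); do
        [ -e "$d/libjvm.so" ] && return 0
    done
    ldconfig -p 2>/dev/null | grep -q 'libjvm\.so'
}

# Stand-alone use: sh preflight.sh /etc/syslog-ng/syslog-ng.conf
[ -z "${1-}" ] || preflight "$1"
```

Running `syslog-ng --syntax-only` checks the grammar of the configuration; the script above covers the referenced files, which that check does not open.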
