[syslog-ng] Web Visualize logs (Ivan Adji - Krstev)

Ivan Adji - Krstev akivanradix at gmail.com
Fri May 27 13:43:29 CEST 2016 

So the cluster should be the cluster name of the ES ? How can i see this
name ? There is nothing in the elasticsearch.yml file, do i have to
specify there ?

Kind regards
Ivan

On 05/27/2016 12:45 PM, Czanik, Péter wrote:
>     option("cluster", "czpcluster")
>
> Unless your cluster is called "czpcluster", the above option won't
> work. This value is just an example (derived from my nick name :-) ).
>
> Bye,
>
> Peter Czanik (CzP) <peter.czanik at balabit.com
> <mailto:peter.czanik at balabit.com>>
> Balabit / syslog-ng upstream
> http://czanik.blogs.balabit.com/
> https://twitter.com/PCzanik
>
> On Fri, May 27, 2016 at 12:42 PM, Ivan Adji - Krstev
> <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>
>     Well that one i fix it ... export the new path of the libjvm.so
>     file and it works. But now i have another error :)
>
>     *Error stating pattern database file, no automatic reload will be
>     performed; error='No such file or directory'*
>     .
>     .
>     *Add path to classpath:
>     /usr/share/elasticsearch/lib/spatial4j-0.5.jar;**
>     **[2016-05-27T06:38:30.933808] Add path to classpath:
>     /usr/share/elasticsearch/lib/t-digest-3.0.jar;**
>     **[2016-05-27T06:38:31.287344] Add path to classpath:
>     //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;**
>     **[2016-05-27T06:38:31.333759] Error initializing message pipeline;**
>     *
>     And i have no idea what is this problem as im using ES for the
>     first time.
>
>     This is what i have:
>
>     source s_sys {
>             system();
>             internal();
>             network(ip(0.0.0.0) port(6514)
>             flags(syslog-protocol)
>             transport("tls")
>             tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>             cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>             ca_dir("/etc/syslog-ng/ca.d")
>             ) );
>
>     };
>     parser pattern_db {
>       db-parser(
>         file("/etc/syslog-ng/patterndb.d/patterndb.xml")
>       );
>     };
>     destination d_es {
>       java(
>        
>     class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
>         class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
>         option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")
>         option("type", "test")
>         option("cluster", "czpcluster")
>         option("flush_limit", "100")
>         option( "message_template", "$(format-json --scope rfc3164
>     --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
>       );
>     };
>
>
>     Kind regards
>     Ivan
>
>     On 05/27/2016 12:22 PM, Czanik, Péter wrote:
>>     Hi,
>>
>>     To enable Java support you need at least the "syslog-ng" and
>>     "syslog-ng-java" packages from that repository. Optionally you
>>     can also install the "syslog-ng-java-hack" package, which
>>     includes all the necessary JAR files, or you can also point your
>>     config to the JAR files of your Elasticsearch installation. Note,
>>     that syslog-ng 3.7 only supports Elasticsearch 1.X.
>>
>>     You will also need to point syslog-ng to libjvm.so. There are
>>     multiple ways:
>>     https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/
>>     My personal preference is the ld.so.conf trick, but note that it
>>     has side effects if you have multiple Java versions on your system.
>>
>>     Bye,
>>
>>     Peter Czanik (CzP) <peter.czanik at balabit.com
>>     <mailto:peter.czanik at balabit.com>>
>>     Balabit / syslog-ng upstream
>>     http://czanik.blogs.balabit.com/
>>     https://twitter.com/PCzanik
>>
>>     On Fri, May 27, 2016 at 12:14 PM, Ivan Adji - Krstev
>>     <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>
>>         So should i contact him directly or should i wait here to
>>         reply on this list ?
>>
>>         Ivan
>>
>>         On 05/27/2016 12:13 PM, Scheidler, Balázs wrote:
>>>
>>>         Hopefully Peter Czanik can help you then, as he prepared
>>>         those packages.
>>>
>>>         On May 27, 2016 11:10 AM, "Ivan Adji - Krstev"
>>>         <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>>
>>>             Yes i install that too.. still nothing.
>>>
>>>             Ivan
>>>
>>>             On 05/27/2016 12:09 PM, Fabien Wernli wrote:
>>>>             On Fri, May 27, 2016 at 12:08:21PM +0200, Ivan Adji - Krstev wrote:
>>>>>             Hi Bazsi,
>>>>>             I get syslog from:
>>>>>             "https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo"
>>>>>             <https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo>
>>>>>             add the repo and then "yum install syslog-ng"
>>>>>             after that i have download the Elasticsearch and install it and that is it.
>>>>>             Im using CentOS 7.
>>>>             you also want the package syslog-ng-java
>>>>
>>>>             ______________________________________________________________________________
>>>>             Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>             Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>             FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>
>>>
>>>             ______________________________________________________________________________
>>>             Member info:
>>>             https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>             Documentation:
>>>             http://www.balabit.com/support/documentation/?product=syslog-ng
>>>             FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>>
>>>         ______________________________________________________________________________
>>>         Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>         Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>         FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>
>>
>>         ______________________________________________________________________________
>>         Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>         Documentation:
>>         http://www.balabit.com/support/documentation/?product=syslog-ng
>>         FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>>
>>
>>     ______________________________________________________________________________
>>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>     Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>     FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
>
>     ______________________________________________________________________________
>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     Documentation:
>     http://www.balabit.com/support/documentation/?product=syslog-ng
>     FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160527/356eb5c3/attachment.htm

More information about the syslog-ng mailing list