[syslog-ng] linux-audit-parser not found on stock install of Ubuntu 16.04

Varugis Kurien vkurien at midfinsystems.com
Tue Nov 1 21:22:25 UTC 2016


When using a freshly installed version of U16.04, I found that the linux audit log parser does not seem to be installed.

For example:


syslog-ng --module-registry|grep audit <-- returns nothing

==


  1.  This started because I experienced a failure when trying to enable the linux audit parser:
Error parsing parser expression, parser plugin linux-audit-parser not found in /etc/syslog-ng/conf.d/auditd.log.conf at line 3, column 8:
                                                                 included from /etc/syslog-ng/syslog-ng.conf line 164, column 1

       linux-audit-parser(prefix(".auditd."));
  2.  The corresponding conf file is below:

source s_var_log_audit.log { file("/var/log/audit/audit.log" flags(no-parse)); };
parser p_audit_syslog_parser {
       linux-audit-parser(prefix(".auditd."));
};

log {
    source(s_var_log_audit.log);
    parser(p_audit_syslog_parser);
    destination(d_midfin_logger_2);
};


The officially supported version of syslog-ng in Ubuntu is 3.5.1.

==

syslog-ng 3.5.6
Installer-Version: 3.5.6
Revision: 3.5.6-2.1 [@416d315] (Ubuntu/16.04)
Compile-Date: Oct 24 2015 03:49:19
Available-Modules: json-plugin,csvparser,system-source,tfgeoip,afsocket-notls,afamqp,basicfuncs,affile,afsocket-tls,dbparser,afmongodb,cryptofuncs,afsmtp,linux-kmsg-format,afuser,redis,afsocket,afstomp,syslogformat,confgen,afprog,afsql
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Pcre: on


Do I need to install an unofficial version, or is there some elementary mistake that I am making?

thanks

Varugis
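An added example, not part of the post above: a small POSIX shell helper that pulls the Available-Modules field out of `syslog-ng -V` output and reports whether any module name contains "audit", the same substring test as the grep in the post. The version output it parses here is a constructed sample in the shape quoted above, including a backslash-wrapped module line as it appears in the mail; the function and variable names are the example's own.

```shell
#!/bin/sh
# Constructed sample shaped like the `syslog-ng -V` output quoted in the post.
# The backslash at the end of the module line mimics the mail-client wrapping
# seen above, so the parser must join it before reading the list.
SAMPLE_VERSION_OUTPUT='syslog-ng 3.5.6
Installer-Version: 3.5.6
Available-Modules: json-plugin,csvparser,system-source,linux-kmsg-format,sysl\
ogformat,afsocket
Enable-Pcre: on'

# list_modules VERSION_TEXT
# Prints one module name per line taken from the Available-Modules: field.
# Lines ending in a backslash are joined with the following line first.
list_modules() {
    printf '%s\n' "$1" \
    | awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
               { print buf $0; buf = "" }
      ' \
    | awk -F': *' '$1 == "Available-Modules" { print $2 }' \
    | tr ',' '\n'
}

# has_module VERSION_TEXT PATTERN
# Prints "yes" when some module name contains PATTERN (a substring match,
# like `grep audit` in the post), otherwise "no".
has_module() {
    if list_modules "$1" | grep -q -- "$2"; then
        echo yes
    else
        echo no
    fi
}

# check_local_install
# Runs the same test against the installed binary (not invoked here).
# Exits non-zero when no audit module is built in, so a config that uses
# linux-audit-parser() can be refused before syslog-ng is reloaded with it.
check_local_install() {
    [ "$(has_module "$(syslog-ng -V 2>/dev/null)" audit)" = yes ]
}
```

Running `check_local_install` on the install described in the post would fail, matching the "parser plugin linux-audit-parser not found" error, while the kmsg module in the same list is reported as present.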