[syslog-ng] Web Visualize logs (Ivan Adji - Krstev)

Scot Needy scotrn at gmail.com
Wed Sep 7 12:55:48 CEST 2016


From the server where ES is running: curl http://localhost:9200



> On May 27, 2016, at 7:43 AM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
> 
> So the cluster should be the cluster name of the ES? How can I see this name? There is nothing in the elasticsearch.yml file, do I have to specify it there?
> 
> Kind regards
> Ivan
> 
> On 05/27/2016 12:45 PM, Czanik, Péter wrote:
>>     option("cluster", "czpcluster")
>> 
>> Unless your cluster is called "czpcluster", the above option won't work. This value is just an example (derived from my nick name :-) ).
>> 
>> Bye,
>> 
>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>> Balabit / syslog-ng upstream
>> http://czanik.blogs.balabit.com/
>> https://twitter.com/PCzanik
>> On Fri, May 27, 2016 at 12:42 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>> Well, that one I fixed ... exported the new path of the libjvm.so file and it works. But now I have another error :)
>> 
>> Error stating pattern database file, no automatic reload will be performed; error='No such file or directory'
>> .
>> .
>> Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;
>> [2016-05-27T06:38:30.933808] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;
>> [2016-05-27T06:38:31.287344] Add path to classpath: //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;
>> [2016-05-27T06:38:31.333759] Error initializing message pipeline;
>> 
>> And I have no idea what this problem is, as I'm using ES for the first time.
>> 
>> This is what I have:
>> 
>> source s_sys {
>>         system();
>>         internal();
>>         network(ip(0.0.0.0) port(6514)
>>         flags(syslog-protocol)
>>         transport("tls")
>>         tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>>         cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>>         ca_dir("/etc/syslog-ng/ca.d")
>>         ) );
>> 
>> };
>> parser pattern_db {
>>   db-parser(
>>     file("/etc/syslog-ng/patterndb.d/patterndb.xml")
>>   );
>> };
>> destination d_es {
>>   java(
>>     class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
>>     class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
>>     option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")
>>     option("type", "test")
>>     option("cluster", "czpcluster")
>>     option("flush_limit", "100")
>>     option( "message_template", "$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
>>   );
>> };
>> 
>> 
>> Kind regards
>> Ivan
>> 
>> On 05/27/2016 12:22 PM, Czanik, Péter wrote:
>>> Hi,
>>> 
>>> To enable Java support you need at least the "syslog-ng" and "syslog-ng-java" packages from that repository. Optionally you can also install the "syslog-ng-java-hack" package, which includes all the necessary JAR files, or you can also point your config to the JAR files of your Elasticsearch installation. Note that syslog-ng 3.7 only supports Elasticsearch 1.X.
>>> 
>>> You will also need to point syslog-ng to libjvm.so. There are multiple ways: https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/ My personal preference is the ld.so.conf trick, but note that it has side effects if you have multiple Java versions on your system.
>>> 
>>> Bye,
>>> 
>>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>>> Balabit / syslog-ng upstream
>>> http://czanik.blogs.balabit.com/
>>> https://twitter.com/PCzanik
>>> On Fri, May 27, 2016 at 12:14 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>>> So should I contact him directly or should I wait here for a reply on this list?
>>> 
>>> Ivan
>>> 
>>> On 05/27/2016 12:13 PM, Scheidler, Balázs wrote:
>>>> Hopefully Peter Czanik can help you then, as he prepared those packages.
>>>> 
>>>> On May 27, 2016 11:10 AM, "Ivan Adji - Krstev" <akivanradix at gmail.com> wrote:
>>>> Yes, I installed that too.. still nothing.
>>>> 
>>>> Ivan
>>>> 
>>>> On 05/27/2016 12:09 PM, Fabien Wernli wrote:
>>>>> On Fri, May 27, 2016 at 12:08:21PM +0200, Ivan Adji - Krstev wrote:
>>>>>> Hi Bazsi,
>>>>>> I get syslog from:
>>>>>> "https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo"
>>>>>> add the repo and then "yum install syslog-ng"
>>>>>> after that I downloaded Elasticsearch and installed it and that is it.
>>>>>> I'm using CentOS 7.
>>>>> you also want the package syslog-ng-java
>>>>> 
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> 
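
The check suggested in the reply at the top of this message, as an added example that is not part of the original thread: it reads `cluster_name` from the JSON that Elasticsearch returns on its root URL and compares it with `option("cluster", ...)` in the syslog-ng configuration. The function names, the sample root response and the `/etc/syslog-ng/syslog-ng.conf` path are assumptions made for illustration; when `cluster.name` is not set in elasticsearch.yml, Elasticsearch uses the default name `elasticsearch`.

```shell
#!/bin/sh
# Added example: compare the cluster name Elasticsearch reports with the one
# set in the syslog-ng java() destination. Sample inputs are constructed.

# Extract "cluster_name" from the JSON returned by GET / (read from stdin).
es_cluster_name() {
    sed -n 's/.*"cluster_name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Extract the value of option("cluster", "...") from a syslog-ng config on stdin.
conf_cluster_name() {
    sed -n 's/.*option([[:space:]]*"cluster"[[:space:]]*,[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# $1 = ES root JSON, $2 = syslog-ng config text.
# Returns 0 on match, 1 on mismatch, 2 if either name could not be found.
check_cluster() {
    es=$(printf '%s\n' "$1" | es_cluster_name)
    conf=$(printf '%s\n' "$2" | conf_cluster_name)
    if [ -z "$es" ] || [ -z "$conf" ]; then
        echo "missing: es='$es' conf='$conf'"
        return 2
    fi
    if [ "$es" = "$conf" ]; then
        echo "match: $es"
        return 0
    fi
    echo "mismatch: es='$es' conf='$conf'"
    return 1
}

# Constructed sample of an Elasticsearch 1.x root response (default cluster name).
SAMPLE_ES='{
  "status" : 200,
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "version" : { "number" : "1.7.5" },
  "tagline" : "You Know, for Search"
}'

# Excerpt of the destination quoted in the thread.
SAMPLE_CONF='destination d_es {
  java(
    option("type", "test")
    option("cluster", "czpcluster")
  );
};'

# Live use (paths assumed):
#   check_cluster "$(curl -s http://localhost:9200)" "$(cat /etc/syslog-ng/syslog-ng.conf)"
check_cluster "$SAMPLE_ES" "$SAMPLE_CONF" || true
```
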
