[syslog-ng] Error initializing message pipeline;

Laszlo Budai laszlo.budai at outlook.com
Wed Jan 18 05:40:04 UTC 2017 

hi,

we support ES5.x only via http mode.

regards,
Laszlo Budai

_____________________________
From: Scot <scotrn at gmail.com<mailto:scotrn at gmail.com>>
Sent: Wednesday, January 18, 2017 3:33 AM
Subject: Re: [syslog-ng] Error initializing message pipeline;
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>, Fabien Wernli <wernli at in2p3.fr<mailto:wernli at in2p3.fr>>


Is client-mode("transport") now supported with ES 5.1?   I thought it was only http mode for ES 5.

I got pipeline error then switched to http thinking it was the transport mode. http worked fine.


On Tue, Jan 17, 2017 at 9:58 AM, Fabien Wernli <wernli at in2p3.fr<mailto:wernli at in2p3.fr>> wrote:
Hi Damian,

You need to specify the location to your elasticsearch installation, i.e.
where the .jar files are installed.
If you're using the official packages from elastic.co<http://elastic.co>, they are most likely
located here: /usr/share/elasticsearch/lib/

So your config ought to look like the following instead:

    source s_syslog { udp(ip(0.0.0.0) port(514)); };

    destination d_elastic {
      elasticsearch2(
        client-lib-dir("/usr/share/elasticsearch/lib/")
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("test")
        cluster("someserver")
        client-mode("transport")
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
        time-zone("UTC")
      );
    };

Moreover, you might want to set the destination's timezone to UTC too, or
you'll have surprises in kibana around midnight UTC: time-zone("UTC")

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170118/fab9d189/attachment.html>

More information about the syslog-ng mailing list