[syslog-ng] How to export syslogng to elasticsearch

Fekete, Róbert robert.fekete at balabit.com
Thu May 18 19:13:13 UTC 2017


Hi, try

*--enable-java* Enable support for Java-based modules.

and maybe also *--enable-java-modules* Compile the Gradle projects of every
Java module available in modules/java-modules. (I'm not sure about this one)
See
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-compile-options.html

HTH,

Robert

On Thu, May 18, 2017 at 8:32 PM, 'Mik J' via SYSLOG-NG <
syslog-ng at balabit.com> wrote:

> Thank you Peter,
> Could you tell me which compile option I should use --enable....
> I haven't found any related to java in the INSTALL file
>
> The FreeBSD most of the times I tried don't work on OpenBSD
>
>
> On Thursday, May 18, 2017 at 19:54, "Czanik, Péter" <peter.czanik at balabit.com> wrote:
>
>
> Hi,
>
> Yes, you need to recompile it. I don't have experience with OpenBSD,
> but once upon a time I added Java support to FreeBSD ports. You can
> read about how it works at
> https://www.balabit.com/blog/test-the-latest-freebsd-with-syslog-ng-3-8-1/
>
> Bye,
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> https://www.balabit.com/blog/author/peterczanik/
> https://twitter.com/PCzanik
>
>
> On Thu, May 18, 2017 at 7:49 PM, Mik J <mikydevel at yahoo.fr> wrote:
> > Thank you for your answer.
> >
> > I use OpenBSD, I built it from the ports.
> >
> > So what you're saying is that I need to recompile it with some Java option?
> >
> >
> > On Thursday, May 18, 2017 at 17:20, "Czanik, Péter" <peter.czanik at balabit.com> wrote:
> >
> >
> > Hi,
> >
> > You don't seem to have the Java module available. Is it a distribution
> > package? Those usually don't have it enabled. Check
> > https://syslog-ng.org/3rd-party-binaries/ for unofficial packages for
> > openSUSE, Fedora, Debian and Ubuntu, which are known to have Java
> > support enabled. Also check
> > https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/
> > and the documentation.
> >
> > Bye,
> > Peter Czanik (CzP) <peter.czanik at balabit.com>
> > Balabit / syslog-ng upstream
> > https://www.balabit.com/blog/author/peterczanik/
> > https://twitter.com/PCzanik
> >
> >
> > On Thu, May 18, 2017 at 4:44 PM, 'Mik J' via SYSLOG-NG
> > <syslog-ng at balabit.com> wrote:
> >> Hello,
> >>
> >> I've read a lot of documentation about how to export syslog-ng to
> >> Elasticsearch but still don't get it
> >>
> >> # syslog-ng -V
> >> syslog-ng 3.7.2
> >> Installer-Version: 3.7.2
> >> Revision:
> >> Compile-Date: May  8 2017 10:54:55
> >> Available-Modules:
> >> afprog,afsocket,afsql,afuser,basicfuncs,confgen,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,syslogformat,system-source,affile,cryptofuncs
> >> Enable-Debug: off
> >> Enable-GProf: off
> >> Enable-Memtrace: off
> >> Enable-IPv6: on
> >> Enable-Spoof-Source: off
> >> Enable-TCP-Wrapper: off
> >> Enable-Linux-Caps: off
> >>
> >>
> >> In syslog-ng.conf I need to add:
> >>
> >> @module mod-java
> >> @include "scl.conf"
> >>
> >> In scl.conf I have (I kept the default configuration)
> >>
> >> @define scl-root "`syslog-ng-data`/include/scl"
> >> @define include-path "`include-path`:`syslog-ng-data`/include"
> >> @include 'scl/*/*.conf'
> >> I don't really understand what I should configure.
> >>
> >> I also downloaded gradle
> >> # ls /usr/local/gradle-3.5
> >>
> >> And Java
> >> # /usr/local/jdk-1.8.0/bin/java -version
> >> openjdk version "1.8.0_121"
> >> OpenJDK Runtime Environment (build 1.8.0_121-b13)
> >> OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)
> >>
> >>
> >>
> >> Back to syslog-ng.conf I added
> >> # Test Elasticsearch
> >> filter f_MyTest { host("1.1.1.1"); };
> >> log {
> >> source(s_net);
> >> filter(f_MyTest);
> >> destination(d_MyTest);
> >> };
> >>
> >> destination d_elastic {
> >>  elasticsearch(
> >>  index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
> >>  type("test")
> >>  cluster("syslog-ng")
> >>  client_mode("transport")
> >>  custom_id("${UNIQID}")
> >>  flush-limit("10000")
> >>  );
> >> };
> >> log {
> >>  source(s_net);
> >>  filter(f_MyTest);
> >>  destination(d_elastic);
> >>  flags(flow-control);
> >> };
> >>
> >>
> >> But starting the daemon gives me this error
> >> # syslog-ng
> >> [2017-05-18T16:43:42.465496] Plugin module not found in 'module-path';
> >> module-path='/usr/local/lib/syslog-ng', module='mod-java'
> >> Error parsing destination, destination plugin elasticsearch not found in
> >> /etc/syslog-ng/syslog-ng.conf at line 171, column 2:
> >> elasticsearch(
> >> ^^^^^^^^^^^^^
> >>
> >> ____________________________________________________________
> __________________
> >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >> Documentation:
> >> http://www.balabit.com/support/documentation/?product=syslog-ng
> >> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
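
Added example, not part of the original thread or the syslog-ng project's code: a POSIX shell check that parses `syslog-ng -V` output and tests for `mod-java` as an exact entry in `Available-Modules`, the condition behind the "Plugin module not found" error quoted above. The function names and the sample (the `-V` output from the thread, with the module list on one line) are constructed for this illustration.

```shell
#!/bin/sh
# Added example: decide from `syslog-ng -V` output whether a rebuild with
# --enable-java is needed before elasticsearch() can be used.

# Constructed sample: the -V output quoted in the thread, module list on one line.
SAMPLE_V='syslog-ng 3.7.2
Installer-Version: 3.7.2
Available-Modules: afprog,afsocket,afsql,afuser,basicfuncs,confgen,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,syslogformat,system-source,affile,cryptofuncs
Enable-IPv6: on'

# list_modules: read `syslog-ng -V` output on stdin, print one module per line.
list_modules() {
    sed -n 's/^Available-Modules:[[:space:]]*//p' \
        | tr ',' '\n' \
        | sed -e 's/[[:space:]]//g' -e '/^$/d'
}

# has_module NAME: succeed only if NAME is an exact list entry on stdin.
# Exact matching (-x) keeps "java" or "json" from matching by substring.
has_module() {
    list_modules | grep -qxF -- "$1"
}

# check_java: report whether the Java-based destinations can load.
check_java() {
    if has_module mod-java; then
        echo "mod-java is available"
    else
        echo "mod-java is missing: rebuild syslog-ng with --enable-java"
        return 1
    fi
}

# Demonstration on the constructed sample; on a live host use:
#   syslog-ng -V | check_java
printf '%s\n' "$SAMPLE_V" | check_java || true
```
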