[syslog-ng] How to export syslogng to elasticsearch

Mik J mikydevel at yahoo.fr
Fri May 19 18:21:09 UTC 2017


Hello Robert,
Thank you for your answer.
Regards
 

    On Thursday, May 18, 2017 at 21:13, "Fekete, Róbert" <robert.fekete at balabit.com> wrote:
 

 Hi, try
 --enable-java Enable support for Java-based modules.
 and maybe also
 --enable-java-modules Compile the Gradle projects of every Java module available in modules/java-modules. (I'm not sure about this one)
See https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-compile-options.html

HTH, 

Robert

On Thu, May 18, 2017 at 8:32 PM, 'Mik J' via SYSLOG-NG <syslog-ng at balabit.com> wrote:

Thank you Peter,
Could you tell me which compile option I should use --enable....
I haven't found any related to java in the INSTALL file

The FreeBSD most of the times I tried don't work on OpenBSD

    On Thursday, May 18, 2017 at 19:54, "Czanik, Péter" <peter.czanik at balabit.com> wrote:
 

 Hi,

Yes, you need to recompile it. I don't have experience with OpenBSD,
but once upon a time I added Java support to FreeBSD ports. You can
read about how it works at
https://www.balabit.com/blog/test-the-latest-freebsd-with-syslog-ng-3-8-1/

Bye,
Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik


On Thu, May 18, 2017 at 7:49 PM, Mik J <mikydevel at yahoo.fr> wrote:
> Thank you for your answer.
>
> I use OpenBSD, I built it from the ports.
>
> So what you're saying is that I need to recompile it with some java option ?
>
>
> On Thursday, May 18, 2017 at 17:20, "Czanik, Péter" <peter.czanik at balabit.com>
> wrote:
>
>
> Hi,
>
> You don't seem to have the Java module available. Is it a distribution
> package? Those usually don't have it enabled. Check
> https://syslog-ng.org/3rd-party-binaries/ for unofficial package for
> openSUSE, Fedora, Debian and Ubuntu, which are known to have Java
> support enabled. Also check
> https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/
> and the documentation.
>
> Bye,
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> https://www.balabit.com/blog/author/peterczanik/
> https://twitter.com/PCzanik
>
>
> On Thu, May 18, 2017 at 4:44 PM, 'Mik J' via SYSLOG-NG
> <syslog-ng at balabit.com> wrote:
>> Hello,
>>
>> I've read a lot of documentation about how to export syslogng to elasticsearch
>> but still don't get it
>>
>> # syslog-ng -V
>> syslog-ng 3.7.2
>> Installer-Version: 3.7.2
>> Revision:
>> Compile-Date: May  8 2017 10:54:55
>> Available-Modules:
>> afprog,afsocket,afsql,afuser,basicfuncs,confgen,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,syslogformat,system-source,affile,cryptofuncs
>> Enable-Debug: off
>> Enable-GProf: off
>> Enable-Memtrace: off
>> Enable-IPv6: on
>> Enable-Spoof-Source: off
>> Enable-TCP-Wrapper: off
>> Enable-Linux-Caps: off
>>
>>
>> In syslog-ng.conf I need to add:
>>
>> @module mod-java
>> @include "scl.conf"
>>
>> In scl.conf I have (I kept the default configuration)
>>
>> @define scl-root "`syslog-ng-data`/include/scl"
>> @define include-path "`include-path`:`syslog-ng-data`/include"
>> @include 'scl/*/*.conf'
>> I don't understand really what should I configure.
>>
>> I also downloaded gradle
>> # ls /usr/local/gradle-3.5
>>
>> And Java
>> # /usr/local/jdk-1.8.0/bin/java -version
>> openjdk version "1.8.0_121"
>> OpenJDK Runtime Environment (build 1.8.0_121-b13)
>> OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)
>>
>>
>>
>> Back to syslog-ng.conf I added
>> # Test Elasticsearch
>> filter f_MyTest { host("1.1.1.1"); };
>> log {
>> source(s_net);
>> filter(f_MyTest);
>> destination(d_MyTest);
>> };
>>
>> destination d_elastic {
>>  elasticsearch(
>>  index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
>>  type("test")
>>  cluster("syslog-ng")
>>  client_mode("transport")
>>  custom_id("${UNIQID}")
>>  flush-limit("10000")
>>  );
>> };
>> log {
>>  source(s_net);
>>  filter(f_MyTest);
>>  destination(d_elastic);
>>  flags(flow-control);
>> };
>>
>>
>> But starting the daemon gives me this error
>> # syslog-ng
>> [2017-05-18T16:43:42.465496] Plugin module not found in 'module-path';
>> module-path='/usr/local/lib/syslog-ng', module='mod-java'
>> Error parsing destination, destination plugin elasticsearch not found in
>> /etc/syslog-ng/syslog-ng.conf at line 171, column 2:
>> elasticsearch(
>> ^^^^^^^^^^^^^
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
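
A preflight check for the failure discussed in this thread, added here as an example and not code from any of the posters or from the syslog-ng project: it compares the `@module` lines of a configuration with the `Available-Modules` list printed by `syslog-ng -V`. The sample text is constructed from the output quoted above, the function names are hypothetical, and it assumes a Java-enabled build lists `mod-java` in `Available-Modules`.

```shell
#!/bin/sh
# Added example (not from the thread): list @module names in a config
# that the installed build does not provide. Function names are hypothetical.
# Assumption: a Java-enabled build lists mod-java in Available-Modules.

# Read `syslog-ng -V` output on stdin; print one available module per line.
available_modules() {
    sed -n 's/^Available-Modules:[[:space:]]*//p' |
        tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# Read a syslog-ng.conf on stdin; print each module named by an @module line.
required_modules() {
    sed -n 's/^[[:space:]]*@module[[:space:]]\{1,\}\([A-Za-z0-9_-]\{1,\}\).*/\1/p'
}

# missing_modules VERSION_TEXT CONFIG_TEXT
# Print every required module that is absent from Available-Modules.
missing_modules() {
    avail=$(printf '%s\n' "$1" | available_modules)
    printf '%s\n' "$2" | required_modules | while read -r mod; do
        printf '%s\n' "$avail" | grep -qxF -- "$mod" || printf '%s\n' "$mod"
    done
}

# Constructed sample, taken from the `syslog-ng -V` output quoted in the thread.
SAMPLE_VERSION='syslog-ng 3.7.2
Available-Modules: afprog,afsocket,afsql,afuser,basicfuncs,confgen,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,syslogformat,system-source,affile,cryptofuncs
Enable-IPv6: on'

# Constructed sample: the two lines the poster added to syslog-ng.conf.
SAMPLE_CONF='@module mod-java
@include "scl.conf"'

# On a live host:
#   missing_modules "$(syslog-ng -V)" "$(cat /etc/syslog-ng/syslog-ng.conf)"
echo "missing: $(missing_modules "$SAMPLE_VERSION" "$SAMPLE_CONF")"
```

Running it before restarting the daemon catches a missing module while the old configuration is still collecting logs.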

   