[syslog-ng] Trouble configuring elasticsearch2 destination
Budai, László
laszlo.budai at oneidentity.com
Wed Jul 4 15:36:30 UTC 2018
Hi,
maybe your system using the coredumpctl( or whatever the name of this tool).
https://www.freedesktop.org/software/systemd/man/coredumpctl.html
regards,
Laszlo Budai
On Wednesday, July 4, 2018, T4iga <niklastai97 at gmail.com> wrote:
> Hi,
>
> as per this:
> https://www.syslog-ng.com/syslog-ng-faq/
> I ran
> ulimit -c unlimited
> syslog-ng -Fdv
> so it should place the core dump in the current locatioin which it doesn't.
> I checked the suggested path to but it is not there so I am currently
> unable to provide you with the back trace.
>
> Sincerely
> Niklas Deffner
>
> 2018-07-04 16:44 GMT+02:00 Szemere, László <laszlo.szemere at balabit.com>:
>
>> Hello,
>> Thank You for the detailed config, I will try to reproduce the error
>> based on this.
>> (In the meantime, could you please extract the back trace from the core
>> file?)
>>
>> Br,
>> Laci
>>
>>
>> On Wed, Jul 4, 2018 at 4:31 PM, T4iga <niklastai97 at gmail.com> wrote:
>>
>>> I did not see your email from 2 minutes before mine. The config i used
>>> was this:
>>> I removed the content of the filters because it contains IP adresses I
>>> would not like to share.
>>> I hope that is not to relevant as per the evaluation.
>>> You can see from the above email, that these exact filters do match the
>>> message
>>> so it should work as far as i can tell.
>>>
>>> ############### Globale Optionen ###############
>>> @version:3.16.1
>>> @include "scl.conf"
>>>
>>> options {
>>> chain_hostnames(off); # Standard
>>> flush_lines(0); # Standard
>>> perm(0640); # Standard
>>> stats_freq(3600); # Standard
>>> threaded(yes); # Standard
>>> create-dirs(yes); # erlaubt Syslog-NG, falls noetig, neue
>>> Verzeichnisse anzulegen
>>> dir-owner(root); # die neuen Verzeichnisse gehoeren root
>>> dir-perm(0640); # entspricht -rw-r-----, Besitzer:
>>> Lesen, Schreiben; Gruppe: Lesen; Alle: Nichts
>>> file-template(t_myLoggingFormat); # legt Standart-Template fuer
>>> file Destinations fest
>>> };
>>>
>>> ############### Sources - Quellen ###############
>>> # Fuer interne Nachrichten
>>> source s_myInternalSource {
>>> system(); # von Betriebssystem und aehnlichem
>>> internal(); # Syslog-interne Nachrichten
>>> };
>>>
>>> # Fuer Netzwerk-Nachrichten
>>> source s_myNetworkSource {
>>> syslog(
>>> ip(0.0.0.0) #
>>> port(601) # Standardport für legacy RFC 3164 UDP
>>> syslog
>>> transport("udp") #
>>> );
>>>
>>> syslog(
>>> ip(0.0.0.0) #
>>> port(514) # Non-Standardport
>>> transport("udp") #
>>> );
>>>
>>> syslog(
>>> ip(0.0.0.0) # Bedeutet NICHT, das von allen
>>> angenommen wird, siehe filter
>>> port(601) # Standardport für RFC 5424 TCP Syslog
>>> ist 601
>>> transport("tcp") # TCP, damit Nachrichten garantiert am
>>> Ziel ankommen
>>> );
>>> syslog(
>>> ip(0.0.0.0) #
>>> port(514) # Non-Standard Port
>>> transport("tcp") #
>>> );
>>> ### UDP ### fuer Checkpoint
>>> #syslog(
>>> # ip(0.0.0.0)
>>> # port(601)
>>> # transport("udp")
>>> #);
>>> #syslog(
>>> # ip(0.0.0.0)
>>> # port(514)
>>> # transport("udp")
>>> #);
>>>
>>> };
>>>
>>> ############### Templates - Vorlagen ###############
>>> # Aufbau des Nachrichteninhalts fuer Dateiziele
>>> template t_myLoggingFormat {
>>> template("$(padding ${FULLHOST} 15 '')|${ISODATE}|PRI:$(padding
>>> ${PRI} 3 '')|${MSGHDR} ${MSG}\n");
>>> };
>>> # Legacy-Nachrichten werden anders geparst
>>> # Mit Standardtempalte wir die Originalnachricht vollständig in MSG
>>> eingefügt
>>>
>>> # Fuer Nachrichtenpfad
>>> # Dateiname ist Tag(Nummer innerhalb des Monats)-Kuerzel(Mon, Tue, Wen,
>>> Thu, Fri, Sat, Sun)
>>> # zum Beispiel "127.0.0.1/2018/Jan/17-Sat"
>>> template t_destination {
>>> template("${FULLHOST}/${YEAR}/${YEAR}-${MONTH_ABBREV}-${DAY}
>>> .log");
>>> };
>>>
>>> ############### Filter ###############
>>> # Ein Filter je Quelle
>>> # Filter kann man so machen:
>>> # filter <filter-id>
>>> # {"<macro-or-template>" operator "<value-or-macro-or-template>"};
>>> # oder mit Functions
>>> filter f_noDebug {
>>> level(emerg..info); # Schließt Debug-Nachrichten
>>> aus
>>> };
>>>
>>> filter f_networkfilter {
>>> };
>>>
>>> filter f_checkpoints {
>>> };
>>>
>>>
>>> ############### Rewrite Rules ######################
>>> rewrite r_checkpoint_remove_irrelevant {
>>> subst(
>>> '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} - ',
>>> '',
>>> type("pcre"),
>>> value("MESSAGE") flags("utf8" "store-matches")
>>> );
>>>
>>> };
>>>
>>> ############### Ziele - Destinations ###############
>>> # Ein Ziel fuer jede IP-Adresse, Jahr, Monat, Tag, etc
>>> destination d_myDestination{
>>> file("/var/log/syslog-ng/$FULLHOST/$YEAR/$YEAR-$MONTH-$DAY.log"
>>> create_dirs(yes)
>>> );
>>> };
>>>
>>> destination d_testination{
>>> file("/var/log/syslog-ng/test/$FULLHOST/$YEAR/$YEAR-$MONTH-$
>>> DAY.log"
>>> create_dirs(yes)
>>> );
>>> };
>>>
>>> ############### Log-Pfade ###############
>>> #
>>> log {
>>> source(s_myNetworkSource); # Fuer TCP und UDP
>>> Nachrichten von allen Clients
>>> source(s_myInternalSource); # interne Nachrichten
>>> filter(f_networkfilter); # Nur 10.27.221er,
>>> 222er, 231er und 27er Netz
>>> filter(f_noDebug); # alle außer debug
>>> destination(d_myDestination); # universal Ziel; siehe
>>> Template
>>> };
>>> #
>>> log { # for testing purposes
>>> source(s_myNetworkSource);
>>> filter(f_checkpoints); # Nur Checkpoint-Non-Standard
>>> filter(f_noDebug);
>>> # rewrite(r_checkpoint_remove_irrelevant);
>>> destination(d_myDestination);
>>> };
>>>
>>>
>>> #
>>> #log { # for testing purposes
>>> # source(s_myNetworkSource);
>>> # source { syslog( ip( 0.0.0.0) transport("udp")
>>> flags(syslog-protocol); };
>>> # destination(d_testination);
>>> #};
>>>
>>> ############################## ENDE ##############################
>>>
>>>
>>> 2018-07-04 16:21 GMT+02:00 T4iga <niklastai97 at gmail.com>:
>>>
>>>> Hi,
>>>>
>>>> I uninstalled and reinstalled 3.16.1 as soon as it was available. The
>>>> issue of no logging currently persists.
>>>>
>>>> running
>>>> syslog-ng -Fdv
>>>> always ends in
>>>> [2018-07-04T16:15:27.124682] <<<<<< filter rule evaluation result;
>>>> result='MATCH - Forwarding message to the next LogPipe', rule='f_noDebug',
>>>> location='/etc/syslog-ng/syslog-ng.conf:85:19', msg='0x7ff5a40168c0'
>>>> [2018-07-04T16:15:27.124696] <<<<<< filter rule evaluation result;
>>>> result='MATCH - Forwarding message to the next LogPipe',
>>>> rule='f_checkpoints', location='/etc/syslog-ng/syslog-ng.conf:98:23',
>>>> msg='0x7ff5a40168c0'
>>>> [2018-07-04T16:15:27.124709] <<<<<< Source side message processing
>>>> finish; instance='0.0.0.0', location='/etc/syslog-ng/syslog-ng.conf:33:2',
>>>> msg='0x7ff5a40168c0'
>>>> Floating point exception (core dumped)
>>>>
>>>> and there are not messages writen the (local) file destination.
>>>> Could this be another issue with the build or is that my config?
>>>> The odd thing is i already reverted to an older config which was
>>>> previously verified functional
>>>>
>>>> Sincerely
>>>> Niklas Deffner
>>>>
>>>> 2018-07-04 15:37 GMT+02:00 Niklas Deffner <niklastai97 at gmail.com>:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> Thank you for the explanation.
>>>>>
>>>>> Is that also the reason why logging (in my case)does not work at all
>>>>> in this current state, no matter the config used, even 'crashless'?
>>>>>
>>>>> Sincerely
>>>>> Niklas Deffner
>>>>>
>>>>>
>>>>> Am 4. Juli 2018 15:29:10 MESZ schrieb "Szemere, László" <
>>>>> laszlo.szemere at balabit.com>:
>>>>>>
>>>>>> Hello T4iga,
>>>>>> Your error message helped a lot, Thank You. It successfully leaded
>>>>>> us here: https://github.com/balabit/syslog-ng/blob/41f7c202cb25
>>>>>> 433feb0fa9496960599a53b58522/modules/java/native/java-class-
>>>>>> loader.c#L51
>>>>>> From this @Czanik and me figured out it was a
>>>>>> configuration/packaging error. Peter immediately created a new build, which
>>>>>> worked well on his local machine.
>>>>>> The opensuse building is still running: https://build.opensus
>>>>>> e.org/package/show/home:czanik:syslog-ng316/syslog-ng , please
>>>>>> update your packages with the finished output.
>>>>>>
>>>>>> Best regards,
>>>>>> Laci
>>>>>>
>>>>>>
>>>>>> On Wed, Jul 4, 2018 at 10:51 AM, T4iga <niklastai97 at gmail.com> wrote:
>>>>>>
>>>>>>> 2018-07-04 10:23 GMT+02:00 Fabien Wernli <wernli at in2p3.fr>:
>>>>>>>
>>>>>>>> In order to put aside any systemd complexities,
>>>>>>>> let's try to run syslog-ng in the foreground:
>>>>>>>>
>>>>>>>> export LD_LIBRARY_PATH=/usr/lib64/jvm
>>>>>>>> /java-1.8.0-openjdk-1.8.0/jre/lib/amd64/server
>>>>>>>> syslog-ng -Fdv
>>>>>>>>
>>>>>>>> What happens then?
>>>>>>>>
>>>>>>>> ____________________________________________________________
>>>>>>>> __________________
>>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>>> Documentation: http://www.balabit.com/support
>>>>>>>> /documentation/?product=syslog-ng
>>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>>
>>>>>>>>
>>>>>>> I got an error that lead me to correct another semantic error I
>>>>>>> made.
>>>>>>> After correcting that it still crashes:
>>>>>>> I suppose the initialization stuff is irrelevant as there are not
>>>>>>> errors apart from the end:
>>>>>>>
>>>>>>> [2018-07-04T10:37:37.193736] Java machine new;
>>>>>>> [2018-07-04T10:37:37.242506] Can't find class;
>>>>>>> class_name='org/syslog_ng/SyslogNgClassLoader'
>>>>>>> **
>>>>>>> ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader:
>>>>>>> assertion failed: (self->loader)
>>>>>>> Aborted (core dumped)
>>>>>>>
>>>>>>> Just in case the full thing is needed:
>>>>>>>
>>>>>>> # syslog-ng -Fdv
>>>>>>> [2018-07-04T10:37:37.182933] Systemd is detected as the running init
>>>>>>> system;
>>>>>>> [2018-07-04T10:37:37.184634] Module loaded and initialized
>>>>>>> successfully; module='mod-java'
>>>>>>> [2018-07-04T10:37:37.184664] Starting to read include file;
>>>>>>> filename='/etc/syslog-ng/scl.conf', depth='1'
>>>>>>> [2018-07-04T10:37:37.184921] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/apache/apache.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184927] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184930] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cim/template.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184932] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184934] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184937] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184940] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184942] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184945] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184947] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184951] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184955] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184959] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184962] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184966] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184969] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184972] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184975] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184978] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184981] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184984] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184988] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184991] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184994] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.184998] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/system/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.185001] Adding include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.185007] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/apache/apache.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.185044] Reading path for candidate modules;
>>>>>>> path='/usr/lib64/syslog-ng'
>>>>>>> [2018-07-04T10:37:37.185080] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libjvm.so', module='jvm'
>>>>>>> [2018-07-04T10:37:37.185117] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libadd-contextual-data.so',
>>>>>>> module='add-contextual-data'
>>>>>>> [2018-07-04T10:37:37.185182] Registering candidate plugin;
>>>>>>> module='add-contextual-data', context='parser', name='add_contextual_data'
>>>>>>> [2018-07-04T10:37:37.185201] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libaffile.so', module='affile'
>>>>>>> [2018-07-04T10:37:37.185271] Registering candidate plugin;
>>>>>>> module='affile', context='source', name='file'
>>>>>>> [2018-07-04T10:37:37.185277] Registering candidate plugin;
>>>>>>> module='affile', context='source', name='pipe'
>>>>>>> [2018-07-04T10:37:37.185280] Registering candidate plugin;
>>>>>>> module='affile', context='source', name='wildcard_file'
>>>>>>> [2018-07-04T10:37:37.185283] Registering candidate plugin;
>>>>>>> module='affile', context='source', name='stdin'
>>>>>>> [2018-07-04T10:37:37.185286] Registering candidate plugin;
>>>>>>> module='affile', context='destination', name='file'
>>>>>>> [2018-07-04T10:37:37.185289] Registering candidate plugin;
>>>>>>> module='affile', context='destination', name='pipe'
>>>>>>> [2018-07-04T10:37:37.185303] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libafmongodb.so',
>>>>>>> module='afmongodb'
>>>>>>> [2018-07-04T10:37:37.185613] Registering candidate plugin;
>>>>>>> module='afmongodb', context='destination', name='mongodb'
>>>>>>> [2018-07-04T10:37:37.185640] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libafprog.so', module='afprog'
>>>>>>> [2018-07-04T10:37:37.185702] Registering candidate plugin;
>>>>>>> module='afprog', context='source', name='program'
>>>>>>> [2018-07-04T10:37:37.185707] Registering candidate plugin;
>>>>>>> module='afprog', context='destination', name='program'
>>>>>>> [2018-07-04T10:37:37.185720] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libafsocket.so',
>>>>>>> module='afsocket'
>>>>>>> [2018-07-04T10:37:37.185867] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='unix-stream'
>>>>>>> [2018-07-04T10:37:37.185872] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='unix-stream'
>>>>>>> [2018-07-04T10:37:37.185876] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='unix-dgram'
>>>>>>> [2018-07-04T10:37:37.185879] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='unix-dgram'
>>>>>>> [2018-07-04T10:37:37.185883] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='tcp'
>>>>>>> [2018-07-04T10:37:37.185886] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='tcp'
>>>>>>> [2018-07-04T10:37:37.185889] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='tcp6'
>>>>>>> [2018-07-04T10:37:37.185892] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='tcp6'
>>>>>>> [2018-07-04T10:37:37.185896] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='udp'
>>>>>>> [2018-07-04T10:37:37.185899] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='udp'
>>>>>>> [2018-07-04T10:37:37.185902] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='udp6'
>>>>>>> [2018-07-04T10:37:37.185906] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='udp6'
>>>>>>> [2018-07-04T10:37:37.185909] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='syslog'
>>>>>>> [2018-07-04T10:37:37.185912] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='syslog'
>>>>>>> [2018-07-04T10:37:37.185915] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='network'
>>>>>>> [2018-07-04T10:37:37.185921] Registering candidate plugin;
>>>>>>> module='afsocket', context='destination', name='network'
>>>>>>> [2018-07-04T10:37:37.185924] Registering candidate plugin;
>>>>>>> module='afsocket', context='source', name='systemd-syslog'
>>>>>>> [2018-07-04T10:37:37.185951] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libafstomp.so', module='afstomp'
>>>>>>> [2018-07-04T10:37:37.186009] Registering candidate plugin;
>>>>>>> module='afstomp', context='destination', name='stomp'
>>>>>>> [2018-07-04T10:37:37.186024] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libafuser.so', module='afuser'
>>>>>>> [2018-07-04T10:37:37.186077] Registering candidate plugin;
>>>>>>> module='afuser', context='destination', name='usertty'
>>>>>>> [2018-07-04T10:37:37.186090] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libappmodel.so',
>>>>>>> module='appmodel'
>>>>>>> [2018-07-04T10:37:37.186142] Registering candidate plugin;
>>>>>>> module='appmodel', context='root', name='application'
>>>>>>> [2018-07-04T10:37:37.186147] Registering candidate plugin;
>>>>>>> module='appmodel', context='parser', name='app-parser'
>>>>>>> [2018-07-04T10:37:37.186159] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libbasicfuncs.so',
>>>>>>> module='basicfuncs'
>>>>>>> [2018-07-04T10:37:37.186227] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='grep'
>>>>>>> [2018-07-04T10:37:37.186232] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='if'
>>>>>>> [2018-07-04T10:37:37.186235] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='or'
>>>>>>> [2018-07-04T10:37:37.186239] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='context-lookup'
>>>>>>> [2018-07-04T10:37:37.186242] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='context-length'
>>>>>>> [2018-07-04T10:37:37.186246] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='context-values'
>>>>>>> [2018-07-04T10:37:37.186249] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='echo'
>>>>>>> [2018-07-04T10:37:37.186252] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='length'
>>>>>>> [2018-07-04T10:37:37.186256] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='substr'
>>>>>>> [2018-07-04T10:37:37.186259] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='strip'
>>>>>>> [2018-07-04T10:37:37.186262] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='sanitize'
>>>>>>> [2018-07-04T10:37:37.186265] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='lowercase'
>>>>>>> [2018-07-04T10:37:37.186269] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='uppercase'
>>>>>>> [2018-07-04T10:37:37.186272] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='replace-delimiter'
>>>>>>> [2018-07-04T10:37:37.186276] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='padding'
>>>>>>> [2018-07-04T10:37:37.186279] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='binary'
>>>>>>> [2018-07-04T10:37:37.186282] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='dirname'
>>>>>>> [2018-07-04T10:37:37.186285] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='basename'
>>>>>>> [2018-07-04T10:37:37.186289] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='list-concat'
>>>>>>> [2018-07-04T10:37:37.186292] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='list-head'
>>>>>>> [2018-07-04T10:37:37.186295] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='list-nth'
>>>>>>> [2018-07-04T10:37:37.186299] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='list-tail'
>>>>>>> [2018-07-04T10:37:37.186302] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='list-slice'
>>>>>>> [2018-07-04T10:37:37.186306] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='list-count'
>>>>>>> [2018-07-04T10:37:37.186309] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='list-append'
>>>>>>> [2018-07-04T10:37:37.186312] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='+'
>>>>>>> [2018-07-04T10:37:37.186315] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='-'
>>>>>>> [2018-07-04T10:37:37.186319] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='*'
>>>>>>> [2018-07-04T10:37:37.186322] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='/'
>>>>>>> [2018-07-04T10:37:37.186325] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='%'
>>>>>>> [2018-07-04T10:37:37.186328] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='sum'
>>>>>>> [2018-07-04T10:37:37.186332] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='min'
>>>>>>> [2018-07-04T10:37:37.186335] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='max'
>>>>>>> [2018-07-04T10:37:37.186338] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='average'
>>>>>>> [2018-07-04T10:37:37.186341] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='ipv4-to-int'
>>>>>>> [2018-07-04T10:37:37.186345] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='indent-multi-line'
>>>>>>> [2018-07-04T10:37:37.186348] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='env'
>>>>>>> [2018-07-04T10:37:37.186351] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='template'
>>>>>>> [2018-07-04T10:37:37.186355] Registering candidate plugin;
>>>>>>> module='basicfuncs', context='template-func', name='urlencode'
>>>>>>> [2018-07-04T10:37:37.186367] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libcef.so', module='cef'
>>>>>>> [2018-07-04T10:37:37.186418] Registering candidate plugin;
>>>>>>> module='cef', context='template-func', name='format-cef-extension'
>>>>>>> [2018-07-04T10:37:37.186430] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libconfgen.so', module='confgen'
>>>>>>> [2018-07-04T10:37:37.186486] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libcryptofuncs.so',
>>>>>>> module='cryptofuncs'
>>>>>>> [2018-07-04T10:37:37.186538] Registering candidate plugin;
>>>>>>> module='cryptofuncs', context='template-func', name='uuid'
>>>>>>> [2018-07-04T10:37:37.186543] Registering candidate plugin;
>>>>>>> module='cryptofuncs', context='template-func', name='hash'
>>>>>>> [2018-07-04T10:37:37.186547] Registering candidate plugin;
>>>>>>> module='cryptofuncs', context='template-func', name='sha1'
>>>>>>> [2018-07-04T10:37:37.186550] Registering candidate plugin;
>>>>>>> module='cryptofuncs', context='template-func', name='sha256'
>>>>>>> [2018-07-04T10:37:37.186554] Registering candidate plugin;
>>>>>>> module='cryptofuncs', context='template-func', name='sha512'
>>>>>>> [2018-07-04T10:37:37.186561] Registering candidate plugin;
>>>>>>> module='cryptofuncs', context='template-func', name='md4'
>>>>>>> [2018-07-04T10:37:37.186565] Registering candidate plugin;
>>>>>>> module='cryptofuncs', context='template-func', name='md5'
>>>>>>> [2018-07-04T10:37:37.186576] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libcsvparser.so',
>>>>>>> module='csvparser'
>>>>>>> [2018-07-04T10:37:37.186628] Registering candidate plugin;
>>>>>>> module='csvparser', context='parser', name='csv-parser'
>>>>>>> [2018-07-04T10:37:37.186641] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libdate.so', module='date'
>>>>>>> [2018-07-04T10:37:37.186693] Registering candidate plugin;
>>>>>>> module='date', context='parser', name='date-parser'
>>>>>>> [2018-07-04T10:37:37.186705] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libdbparser.so',
>>>>>>> module='dbparser'
>>>>>>> [2018-07-04T10:37:37.186777] Registering candidate plugin;
>>>>>>> module='dbparser', context='parser', name='db-parser'
>>>>>>> [2018-07-04T10:37:37.186782] Registering candidate plugin;
>>>>>>> module='dbparser', context='parser', name='grouping-by'
>>>>>>> [2018-07-04T10:37:37.186795] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libdisk-buffer.so',
>>>>>>> module='disk-buffer'
>>>>>>> [2018-07-04T10:37:37.186849] Registering candidate plugin;
>>>>>>> module='disk-buffer', context='inner-dest', name='disk_buffer'
>>>>>>> [2018-07-04T10:37:37.186863] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libgraphite.so',
>>>>>>> module='graphite'
>>>>>>> [2018-07-04T10:37:37.186911] Registering candidate plugin;
>>>>>>> module='graphite', context='template-func', name='graphite_output'
>>>>>>> [2018-07-04T10:37:37.186924] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libhook-commands.so',
>>>>>>> module='hook-commands'
>>>>>>> [2018-07-04T10:37:37.186974] Registering candidate plugin;
>>>>>>> module='hook-commands', context='inner-dest', name='hook-commands'
>>>>>>> [2018-07-04T10:37:37.186979] Registering candidate plugin;
>>>>>>> module='hook-commands', context='inner-src', name='hook-commands'
>>>>>>> [2018-07-04T10:37:37.186990] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libjson-plugin.so',
>>>>>>> module='json-plugin'
>>>>>>> [2018-07-04T10:37:37.187083] Registering candidate plugin;
>>>>>>> module='json-plugin', context='parser', name='json-parser'
>>>>>>> [2018-07-04T10:37:37.187088] Registering candidate plugin;
>>>>>>> module='json-plugin', context='template-func', name='format_json'
>>>>>>> [2018-07-04T10:37:37.187105] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libkvformat.so',
>>>>>>> module='kvformat'
>>>>>>> [2018-07-04T10:37:37.187159] Registering candidate plugin;
>>>>>>> module='kvformat', context='parser', name='kv-parser'
>>>>>>> [2018-07-04T10:37:37.187164] Registering candidate plugin;
>>>>>>> module='kvformat', context='parser', name='linux-audit-parser'
>>>>>>> [2018-07-04T10:37:37.187168] Registering candidate plugin;
>>>>>>> module='kvformat', context='template-func', name='format-welf'
>>>>>>> [2018-07-04T10:37:37.187179] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='liblinux-kmsg-format.so',
>>>>>>> module='linux-kmsg-format'
>>>>>>> [2018-07-04T10:37:37.187229] Registering candidate plugin;
>>>>>>> module='linux-kmsg-format', context='format', name='linux-kmsg'
>>>>>>> [2018-07-04T10:37:37.187242] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libmap-value-pairs.so',
>>>>>>> module='map-value-pairs'
>>>>>>> [2018-07-04T10:37:37.187293] Registering candidate plugin;
>>>>>>> module='map-value-pairs', context='parser', name='map_value_pairs'
>>>>>>> [2018-07-04T10:37:37.187306] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libpseudofile.so',
>>>>>>> module='pseudofile'
>>>>>>> [2018-07-04T10:37:37.187358] Registering candidate plugin;
>>>>>>> module='pseudofile', context='destination', name='pseudofile'
>>>>>>> [2018-07-04T10:37:37.187371] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libsdjournal.so',
>>>>>>> module='sdjournal'
>>>>>>> [2018-07-04T10:37:37.187425] Registering candidate plugin;
>>>>>>> module='sdjournal', context='source', name='systemd-journal'
>>>>>>> [2018-07-04T10:37:37.187438] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libsnmptrapd-parser.so',
>>>>>>> module='snmptrapd-parser'
>>>>>>> [2018-07-04T10:37:37.187489] Registering candidate plugin;
>>>>>>> module='snmptrapd-parser', context='parser', name='snmptrapd-parser'
>>>>>>> [2018-07-04T10:37:37.187502] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libstardate.so',
>>>>>>> module='stardate'
>>>>>>> [2018-07-04T10:37:37.187553] Registering candidate plugin;
>>>>>>> module='stardate', context='template-func', name='stardate'
>>>>>>> [2018-07-04T10:37:37.187566] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libsyslogformat.so',
>>>>>>> module='syslogformat'
>>>>>>> [2018-07-04T10:37:37.187618] Registering candidate plugin;
>>>>>>> module='syslogformat', context='format', name='syslog'
>>>>>>> [2018-07-04T10:37:37.187624] Registering candidate plugin;
>>>>>>> module='syslogformat', context='parser', name='syslog-parser'
>>>>>>> [2018-07-04T10:37:37.187635] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libsystem-source.so',
>>>>>>> module='system-source'
>>>>>>> [2018-07-04T10:37:37.187684] Registering candidate plugin;
>>>>>>> module='system-source', context='source', name='system'
>>>>>>> [2018-07-04T10:37:37.187697] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libtags-parser.so',
>>>>>>> module='tags-parser'
>>>>>>> [2018-07-04T10:37:37.187747] Registering candidate plugin;
>>>>>>> module='tags-parser', context='parser', name='tags-parser'
>>>>>>> [2018-07-04T10:37:37.187760] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libtfgetent.so',
>>>>>>> module='tfgetent'
>>>>>>> [2018-07-04T10:37:37.187809] Registering candidate plugin;
>>>>>>> module='tfgetent', context='template-func', name='getent'
>>>>>>> [2018-07-04T10:37:37.187821] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libxml.so', module='xml'
>>>>>>> [2018-07-04T10:37:37.187873] Registering candidate plugin;
>>>>>>> module='xml', context='parser', name='xml'
>>>>>>> [2018-07-04T10:37:37.187886] Reading shared object for a candidate
>>>>>>> module; path='/usr/lib64/syslog-ng', fname='libmod-java.so',
>>>>>>> module='mod-java'
>>>>>>> [2018-07-04T10:37:37.187891] Registering candidate plugin;
>>>>>>> module='mod-java', context='options', name='jvm_options'
>>>>>>> [2018-07-04T10:37:37.187896] Registering candidate plugin;
>>>>>>> module='mod-java', context='destination', name='java'
>>>>>>> [2018-07-04T10:37:37.187948] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/apache/apache.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.187961] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188052] Module loaded and initialized
>>>>>>> successfully; module='appmodel'
>>>>>>> [2018-07-04T10:37:37.188086] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188098] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cim/template.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188223] Module loaded and initialized
>>>>>>> successfully; module='json-plugin'
>>>>>>> [2018-07-04T10:37:37.188348] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cim/template.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188362] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188486] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188497] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188579] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188590] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188623] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='parser', name='json-parser'
>>>>>>> [2018-07-04T10:37:37.188629] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='template-func',
>>>>>>> name='format_json'
>>>>>>> [2018-07-04T10:37:37.188632] Module loaded and initialized
>>>>>>> successfully; module='json-plugin'
>>>>>>> [2018-07-04T10:37:37.188760] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188770] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.188822] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='parser', name='json-parser'
>>>>>>> [2018-07-04T10:37:37.188827] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='template-func',
>>>>>>> name='format_json'
>>>>>>> [2018-07-04T10:37:37.188830] Module loaded and initialized
>>>>>>> successfully; module='json-plugin'
>>>>>>> [2018-07-04T10:37:37.189032] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189043] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189093] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189103] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189137] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='parser', name='json-parser'
>>>>>>> [2018-07-04T10:37:37.189142] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='template-func',
>>>>>>> name='format_json'
>>>>>>> [2018-07-04T10:37:37.189145] Module loaded and initialized
>>>>>>> successfully; module='json-plugin'
>>>>>>> [2018-07-04T10:37:37.189284] Module loaded and initialized
>>>>>>> successfully; module='basicfuncs'
>>>>>>> [2018-07-04T10:37:37.189316] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189328] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189403] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189413] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189478] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189488] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189548] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189558] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189681] Module loaded and initialized
>>>>>>> successfully; module='confgen'
>>>>>>> [2018-07-04T10:37:37.189703] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189715] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189776] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='parser', name='json-parser'
>>>>>>> [2018-07-04T10:37:37.189781] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='template-func',
>>>>>>> name='format_json'
>>>>>>> [2018-07-04T10:37:37.189785] Module loaded and initialized
>>>>>>> successfully; module='json-plugin'
>>>>>>> [2018-07-04T10:37:37.189815] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189825] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189893] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='parser', name='json-parser'
>>>>>>> [2018-07-04T10:37:37.189897] Attempted to register the same plugin
>>>>>>> multiple times, dropping the old one; context='template-func',
>>>>>>> name='format_json'
>>>>>>> [2018-07-04T10:37:37.189900] Module loaded and initialized
>>>>>>> successfully; module='json-plugin'
>>>>>>> [2018-07-04T10:37:37.189926] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189936] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189980] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.189990] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190038] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190048] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190136] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190146] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190189] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190198] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190246] Global value changed;
>>>>>>> define='balabit.credit-card-regexp', value='(:4[0-9]{12}(?:[0-9]{3}
>>>>>>> )?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{
>>>>>>> 13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})'
>>>>>>> [2018-07-04T10:37:37.190280] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190289] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190340] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190350] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190400] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190410] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190472] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190482] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190539] Module loaded and initialized
>>>>>>> successfully; module='confgen'
>>>>>>> [2018-07-04T10:37:37.190545] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190554] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/system/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190593] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/system/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190601] Starting to read include file;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190643] Finishing include;
>>>>>>> filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf',
>>>>>>> depth='2'
>>>>>>> [2018-07-04T10:37:37.190661] Global value changed;
>>>>>>> define='java-module-dir', value='/usr/lib64/syslog-ng/java-modules'
>>>>>>> [2018-07-04T10:37:37.190667] Finishing include;
>>>>>>> filename='/etc/syslog-ng/scl.conf', depth='1'
>>>>>>> [2018-07-04T10:37:37.190862] Module loaded and initialized
>>>>>>> successfully; module='system-source'
>>>>>>> [2018-07-04T10:37:37.190952] Module loaded and initialized
>>>>>>> successfully; module='sdjournal'
>>>>>>> [2018-07-04T10:37:37.190996] Finishing include; content='parser
>>>>>>> generator app-parser', depth='2'
>>>>>>> [2018-07-04T10:37:37.191184] Module loaded and initialized
>>>>>>> successfully; module='kvformat'
>>>>>>> [2018-07-04T10:37:37.191201] Finishing include; content='block
>>>>>>> parser iptables-parser() at /usr/share/syslog-ng/include/scl/iptables/iptables.conf:23',
>>>>>>> depth='3'
>>>>>>> [2018-07-04T10:37:37.191329] Module loaded and initialized
>>>>>>> successfully; module='csvparser'
>>>>>>> [2018-07-04T10:37:37.191357] Finishing include; content='block
>>>>>>> parser sudo-parser() at /usr/share/syslog-ng/include/scl/sudo/sudo.conf:23',
>>>>>>> depth='3'
>>>>>>> [2018-07-04T10:37:37.191380] Finishing include; content='parser
>>>>>>> generator app-parser', depth='2'
>>>>>>> [2018-07-04T10:37:37.191404] Finishing include; content='source
>>>>>>> generator system', depth='1'
>>>>>>> [2018-07-04T10:37:37.191591] Module loaded and initialized
>>>>>>> successfully; module='afsocket'
>>>>>>> [2018-07-04T10:37:37.192042] Module loaded and initialized
>>>>>>> successfully; module='dbparser'
>>>>>>> [2018-07-04T10:37:37.192158] Module loaded and initialized
>>>>>>> successfully; module='affile'
>>>>>>> [2018-07-04T10:37:37.192370] Finishing include; content='block
>>>>>>> destination elasticsearch2() at /usr/share/syslog-ng/include/s
>>>>>>> cl/elasticsearch/plugin.conf:59', depth='1'
>>>>>>> [2018-07-04T10:37:37.192738] Module loaded and initialized
>>>>>>> successfully; module='syslogformat'
>>>>>>> [2018-07-04T10:37:37.192935] Accepting connections; addr='AF_INET(
>>>>>>> 0.0.0.0:601)'
>>>>>>> [2018-07-04T10:37:37.192970] Accepting connections; addr='AF_INET(
>>>>>>> 0.0.0.0:514)'
>>>>>>> [2018-07-04T10:37:37.193423] Seeking the journal to the last cursor
>>>>>>> position; cursor='s=df2c9187264b4bb0a3ad
>>>>>>> dd9aa8fc2c71;i=6d55c;b=4458f1142e1f48c0895f522ab1182866;m=87
>>>>>>> d9f8fec7;t=57028562edb9b;x=4373623fa660b876'
>>>>>>> [2018-07-04T10:37:37.193676] Log pattern database reloaded;
>>>>>>> file='/opt/syslog-ng/etc/patterndb.xml', version='3',
>>>>>>> pub_date='2010-07-13'
>>>>>>> [2018-07-04T10:37:37.193712] Processing the time zone file (32bit
>>>>>>> part); filename='/usr/share/zoneinfo/UTC'
>>>>>>> [2018-07-04T10:37:37.193736] Java machine new;
>>>>>>> [2018-07-04T10:37:37.242506] Can't find class;
>>>>>>> class_name='org/syslog_ng/SyslogNgClassLoader'
>>>>>>> **
>>>>>>> ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader:
>>>>>>> assertion failed: (self->loader)
>>>>>>> Aborted (core dumped)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ____________________________________________________________
>>>>>>> __________________
>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>> Documentation: http://www.balabit.com/support
>>>>>>> /documentation/?product=syslog-ng
>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>> --
>>>>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>>>>>
>>>>
>>>>
>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support
>>> /documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180704/f32d95b6/attachment-0001.html>
More information about the syslog-ng
mailing list