[syslog-ng] Java issue with elasticsearch

Kókai Péter peter.kokai at balabit.com
Fri May 25 19:52:00 UTC 2018


Hello,

Would it be possible to share your configuration file as an attachment, or
upload it somewhere?

The error message indicates that the parser reached the end of the file (of
course it is not), but it requires the ';' to close the previous block. It
also points to the place where it found the file end.

177     log { source(s_src); filter(f_crit); destination(d_console); };
178--->
178---> ^

Removing that empty line might also help. (It points to the empty line and
not to the log)

--
Kokan

On Fri, May 25, 2018 at 9:42 PM Komi Elitcha <kmw.elitcha at gmail.com> wrote:

> Hello Kokan,
>
> I double checked inside '/etc/syslog-ng/syslog-ng.conf' file and I don't
> have any '\r' carriage.
>
> Are you pointing me to another conf file?
>
> Regards,
>
> On 25/05/2018 at 19:10, Kókai Péter wrote:
>
> Hello,
>
> You probably have a '\r' carriage return in your configuration, that is
> not supported. Remove it and it should work :)
>
> --
> Kokan
>
> On Fri, May 25, 2018 at 8:59 PM Komi Elitcha <kmw.elitcha at gmail.com>
> wrote:
>
>> Oops...
>>
>> Additionally, I'm getting an error saying that syslog-ng-core is not
>> configured yet.
>>
>> I hope I didn't miss anything.
>>
>> Thanks.
>>
>> On 25/05/2018 at 18:39, Komi Elitcha wrote:
>>
>> Thank you Gabor,
>>
>> Your below comments were very helpful and I suspect I've solved the java
>> issue (maybe I should open a new thread).
>>
>> After setting correctly the java env in bashrc, this is the output I get
>> from #syslog-ng -Fve command:
>>
>>
>> Error parsing config, syntax error, unexpected $end, expecting ';' in
>> /etc/syslog-ng/syslog-ng.conf:
>> 173     log { source(s_src); filter(f_messages); destination(d_messages); };
>> 174
>> 175     log { source(s_src); filter(f_console); destination(d_console_all);
>> 176                         destination(d_xconsole); };
>> 177     log { source(s_src); filter(f_crit); destination(d_console); };
>> 178--->
>> 178---> ^
>> 179     # All messages send to a remote site
>> 180     #
>> 181     #log { source(s_src); destination(d_net); };
>> 182     log { source(s_net); destination(d_es); flags(flow-control); };
>> 183
>>
>>
>> I cannot see any syntax error (regarding the ';') in my syslog-ng.conf
>> file. Is there any known bug related to this? Also, I wonder why "log {---}"
>> syntaxes are returning errors.
>>
>>
>> Regards,
>>
>>
>>
>>
>> On 25/05/2018 at 10:20, Nagy, Gábor wrote:
>>
>> Sorry I forgot to link our blog post about common java problems.
>> It could help and explain some common errors during installation.
>>
>> https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
>>
>> Regards,
>> Gabor
>>
>> On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy at balabit.com>
>> wrote:
>>
>>> Hi Komi!
>>>
>>> You need the java package for syslog-ng too: "syslog-ng-mod-java".
>>> What is the source of the syslog-ng package you installed?
>>>
>>> You will need additional steps after you have installed the syslog-ng
>>> java package.
>>> In our admin we have detailed instructions to set up elasticsearch2
>>> destination:
>>>
>>> https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html
>>>
>>> Feel free to ask if you get stuck!
>>>
>>> Regards,
>>> Gabor
>>>
>>> On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha at gmail.com>
>>> wrote:
>>>
>>>> Good day all,
>>>>
>>>> I'm new to this mailing list.
>>>>
>>>> I'm setting up syslog-ng+elasticsearch+kibana on an Ubuntu 18.04; I'm
>>>> getting the following output/error from command: ]#syslog-ng -Fve
>>>>
>>>>
>>>> Error parsing destination, destination plugin java not found in block
>>>> destination elasticsearch2 (at
>>>> /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1):
>>>> 1
>>>> 2----->   java(
>>>> 2----->   ^^^^
>>>> 3           class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar")
>>>> 4           class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination")
>>>> 5           option("index", "*log*")
>>>> 6           option("type", "syslog")
>>>> 7           option("server", "localhost")
>>>>
>>>> Included from /etc/syslog-ng/syslog-ng.conf:
>>>> 90      # Debian only
>>>> 91      destination d_ppp { file("/var/log/ppp.log"); };
>>>> 92
>>>> 93      # Elasticsearch destination
>>>> 94      destination d_es {
>>>> 95---->     elasticsearch2(
>>>> 95---->     ^^^^^^^^^^^^^^^^
>>>> 96                cluster("syslog-ng")
>>>> 97                client-lib-dir("/usr/share/elasticsearch/lib/")
>>>> 98                client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/")
>>>> 99                time-zone("UTC")
>>>> 100               cluster-url("http://localhost:9200")
>>>>
>>>>
>>>> Any help is welcome.
>>>>
>>>> Thanks.
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>
>>
>>
>>
>> --
>> --
>> KE
>>
>>
>>
>
>
> --
> --
> KE
>
>
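
A byte-level check for the '\r' suggested earlier in the thread, as an added example that is not part of the original messages: it reports carriage returns and a few other bytes that editors usually do not display. The `SUSPECT` list and the function name are this example's choices, and the sample config is constructed.

```python
"""Report bytes in a syslog-ng config that most editors do not display."""
import pathlib
import sys

# Byte sequences worth flagging; this list is the example's choice, not syslog-ng's.
SUSPECT = {
    b"\r": "carriage return (CR)",
    b"\xef\xbb\xbf": "UTF-8 byte order mark",
    b"\xc2\xa0": "non-breaking space",
}


def scan_config(data: bytes):
    """Return (line, byte column, description) for every suspect sequence."""
    findings = []
    # Split on LF only, so a CRLF line ending leaves its CR visible to the scan.
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        col = 0
        while col < len(line):
            for seq, name in SUSPECT.items():
                if line.startswith(seq, col):
                    findings.append((lineno, col + 1, name))
                    col += len(seq)
                    break
            else:
                byte = line[col]
                # Any other control character except TAB is reported as well.
                if (byte < 0x20 and byte != 0x09) or byte == 0x7F:
                    findings.append((lineno, col + 1, f"control byte 0x{byte:02x}"))
                col += 1
    return findings


# Constructed sample: line 2 ends in CRLF, line 3 is empty apart from a CR.
SAMPLE = (
    b"log { source(s_src); filter(f_crit); destination(d_console); };\n"
    b"log { source(s_net); destination(d_es); flags(flow-control); };\r\n"
    b"\r\n"
    b"# All messages send to a remote site\n"
)

if __name__ == "__main__":
    # With no arguments, scan the constructed sample instead of a file.
    inputs = {p: pathlib.Path(p).read_bytes() for p in sys.argv[1:]} or {"sample": SAMPLE}
    for name, data in inputs.items():
        for lineno, col, what in scan_config(data):
            print(f"{name}:{lineno}:{col}: {what}")
```

Pass every file the parser reads as an argument, including files that the main configuration includes, since the reported location may be in a different file from the offending byte.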