[syslog-ng] Java issue with elasticsearch
Komi Elitcha
kmw.elitcha at gmail.com
Fri May 25 20:05:26 UTC 2018
Kokan,
Please see attached.
Furthermore, the "log {---}" syntax is the one provided from install; I
didn't modify it.
Regards,
On 25/05/2018 at 19:52, Kókai Péter wrote:
> Hello,
>
> Would it be possible to share your configuration file as an
> attachment, or upload it somewhere?
>
> The error message indicates that the parser reached the end of the
> file (of course it is not), but it requires the ';' to close the
> previous block. It also points to the place where it found the file end.
>
> 177 log { source(s_src); filter(f_crit); destination(d_console); };
> 178--->
> 178---> ^
>
> Removing that empty line might also help. (It points to the empty line
> and not to the log)
>
> --
> Kokan
>
> On Fri, May 25, 2018 at 9:42 PM Komi Elitcha <kmw.elitcha at gmail.com
> <mailto:kmw.elitcha at gmail.com>> wrote:
>
> Hello Kokan,
>
> I double checked inside the '/etc/syslog-ng/syslog-ng.conf' file and I
> don't have any '\r' carriage.
>
> Are you pointing me to another conf file?
>
> Regards,
>
>
> On 25/05/2018 at 19:10, Kókai Péter wrote:
>> Hello,
>>
>> You probably have a '\r' carriage return in your configuration,
>> that is not supported. Remove it and it should work :)
>>
>> --
>> Kokan
>>
>> On Fri, May 25, 2018 at 8:59 PM Komi Elitcha
>> <kmw.elitcha at gmail.com <mailto:kmw.elitcha at gmail.com>> wrote:
>>
>> Oops...
>>
>> Additionally, I'm getting an error saying that syslog-ng-core
>> is not configured yet.
>>
>> I hope I didn't miss anything.
>>
>> Thanks.
>>
>>
>> On 25/05/2018 at 18:39, Komi Elitcha wrote:
>>>
>>> Thank you Gabor,
>>>
>>> Your comments below were very helpful and I suspect I've
>>> solved the Java issue (maybe I should open a new thread).
>>>
>>> After correctly setting the Java env in bashrc, this is the
>>> output I get from the #syslog-ng -Fve command:
>>>
>>>
>>> Error parsing config, syntax error, unexpected $end,
>>> expecting ';' in /etc/syslog-ng/syslog-ng.conf:
>>> 173 log { source(s_src); filter(f_messages);
>>> destination(d_messages); };
>>> 174
>>> 175 log { source(s_src); filter(f_console);
>>> destination(d_console_all);
>>> 176 destination(d_xconsole); };
>>> 177 log { source(s_src); filter(f_crit);
>>> destination(d_console); };
>>> 178--->
>>> 178---> ^
>>> 179 # All messages send to a remote site
>>> 180 #
>>> 181 #log { source(s_src); destination(d_net); };
>>> 182 log { source(s_net); destination(d_es);
>>> flags(flow-control); };
>>> 183
>>>
>>>
>>> I cannot see any syntax error (regarding the ';') in my
>>> syslog-ng.conf file. Is there any known bug related to this?
>>> Also, I wonder why the "log {---}" syntaxes are returning errors.
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>>
>>>> On 25/05/2018 at 10:20, Nagy, Gábor wrote:
>>>> Sorry I forgot to link our blog post about common java
>>>> problems.
>>>> It could help and explain some common errors during
>>>> installation.
>>>>
>>>> https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/
>>>>
>>>> Regards,
>>>> Gabor
>>>>
>>>> On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor
>>>> <gabor.nagy at balabit.com <mailto:gabor.nagy at balabit.com>> wrote:
>>>>
>>>> Hi Komi!
>>>>
>>>> You need the java package for syslog-ng too:
>>>> "syslog-ng-mod-java".
>>>> What is the source of the syslog-ng package you installed?
>>>>
>>>> You will need additional steps after you have installed
>>>> the syslog-ng java package.
>>>> In our admin we have detailed instructions to set up
>>>> the elasticsearch2 destination:
>>>> https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html
>>>>
>>>> Feel free to ask if you get stuck!
>>>>
>>>> Regards,
>>>> Gabor
>>>>
>>>> On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha
>>>> <kmw.elitcha at gmail.com <mailto:kmw.elitcha at gmail.com>>
>>>> wrote:
>>>>
>>>> Good day all,
>>>>
>>>> I'm new to this mailing list.
>>>>
>>>> I'm setting up syslog-ng+elasticsearch+kibana on
>>>> Ubuntu 18.04; I'm getting the following
>>>> output/error from the command: ]#syslog-ng -Fve
>>>>
>>>>
>>>> Error parsing destination, destination plugin java
>>>> not found in block destination elasticsearch2 (at
>>>> /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1):
>>>> 1
>>>> 2-----> java(
>>>> 2-----> ^^^^
>>>> 3
>>>> class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar")
>>>> 4
>>>> class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination")
>>>> 5 option("index", "*log*")
>>>> 6 option("type", "syslog")
>>>> 7 option("server", "localhost")
>>>>
>>>> Included from /etc/syslog-ng/syslog-ng.conf:
>>>> 90 # Debian only
>>>> 91 destination d_ppp {
>>>> file("/var/log/ppp.log"); };
>>>> 92
>>>> 93 # Elasticsearch destination
>>>> 94 destination d_es {
>>>> 95----> elasticsearch2(
>>>> 95----> ^^^^^^^^^^^^^^^^
>>>> 96 cluster("syslog-ng")
>>>> 97 client-lib-dir("/usr/share/elasticsearch/lib/")
>>>> 98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/")
>>>> 99 time-zone("UTC")
>>>> 100 cluster-url("http://localhost:9200")
>>>>
>>>>
>>>> Any help is welcome.
>>>>
>>>> Thanks.
>>>>
>>>> ______________________________________________________________________________
>>>> Member info:
>>>> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>
>>
>> --
>> --
>> KE
>
> --
> --
> KE
>
--
--
KE
-------------- next part --------------
@version: 3.15
@include "scl.conf"
#@include "/usr/share/syslog-ng/include/scl/system/tty10.conf"
@module mod-java
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.
# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
};
########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
#source s_src {
# system();
# internal();
#};
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source s_net { tcp(ip(10.228.0.11) port(514)); };
######
# patterndb parser
parser pattern_db {
db-parser (
file ("/opt/syslog-ng/etc/patterndb.xml")
);
};
########################
# Destinations
########################
# First some standard logfile
#
destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
# This files are the log come from the mail subsystem.
#
destination d_mailinfo { file("/var/log/mail.info"); };
destination d_mailwarn { file("/var/log/mail.warn"); };
destination d_mailerr { file("/var/log/mail.err"); };
# Logging for INN news system
#
destination d_newscrit { file("/var/log/news/news.crit"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newsnotice { file("/var/log/news/news.notice"); };
# Some 'catch-all' logfiles.
#
destination d_debug { file("/var/log/debug"); };
destination d_error { file("/var/log/error"); };
destination d_messages { file("/var/log/messages"); };
# The root's console.
#
destination d_console { usertty("root"); };
# Virtual console.
#
destination d_console_all { file(`tty10`); };
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
destination d_xconsole { pipe("/dev/xconsole"); };
# Send the messages to an other host
#
#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };
# Debian only
destination d_ppp { file("/var/log/ppp.log"); };
# Elasticsearch destination
destination d_es {
elasticsearch2 (
cluster("syslog-ng")
client-lib-dir("/usr/share/elasticsearch/lib/")
client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/")
time-zone("UTC")
cluster-url("http://localhost:9200")
client_mode("http")
index("*log*")
type("syslog")
template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
);
};
#
#
########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.
filter f_dbg { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_err { level(err); };
filter f_crit { level(crit .. emerg); };
filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
filter f_error { level(err .. emerg) ; };
filter f_messages { level(info,notice,warn) and
not facility(auth,authpriv,cron,daemon,mail,news); };
filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
filter f_cron { facility(cron) and not filter(f_debug); };
filter f_daemon { facility(daemon) and not filter(f_debug); };
filter f_kern { facility(kern) and not filter(f_debug); };
filter f_lpr { facility(lpr) and not filter(f_debug); };
filter f_local { facility(local0, local1, local3, local4, local5,
local6, local7) and not filter(f_debug); };
filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };
filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
filter f_user { facility(user) and not filter(f_debug); };
filter f_uucp { facility(uucp) and not filter(f_debug); };
filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };
filter f_ppp { facility(local2) and not filter(f_debug); };
filter f_console { level(warn .. emerg); };
########################
# Log paths
########################
log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_cron); destination(d_cron); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_kern); destination(d_kern); };
log { source(s_src); filter(f_lpr); destination(d_lpr); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); };
log { source(s_src); filter(f_user); destination(d_user); };
log { source(s_src); filter(f_uucp); destination(d_uucp); };
log { source(s_src); filter(f_mail); destination(d_mail); };
#log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
#log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
#log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };
log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
#log { source(s_src); filter(f_cnews); destination(d_console_all); };
#log { source(s_src); filter(f_cother); destination(d_console_all); };
#log { source(s_src); filter(f_ppp); destination(d_ppp); };
log { source(s_src); filter(f_debug); destination(d_debug); };
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_messages); destination(d_messages); };
log { source(s_src); filter(f_console); destination(d_console_all);
destination(d_xconsole); };
log { source(s_src); filter(f_crit); destination(d_console); };
# All messages send to a remote site
#
#log { source(s_src); destination(d_net); };
log { source(s_net); destination(d_es); flags(flow-control); };
###
# Include all config files in /etc/syslog-ng/conf.d/
###
@include "/etc/syslog-ng/conf.d/*.conf"
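
An added example, not part of the original thread and not syslog-ng code: a small Python lint for two conditions visible in this thread, a stray '\r' byte (the first diagnosis suggested above) and a log path that names an object with no live definition (in the attached file the s_src source block is commented out while the log paths still use source(s_src)). The sample configuration is a constructed excerpt modelled on the attachment, and the regex-based parsing assumes no '#' inside quoted strings.

```python
import re

# Constructed excerpt modelled on the attached syslog-ng.conf; the "\r" on the
# d_console line is added here to exercise the carriage-return check.
SAMPLE = b'''@version: 3.15
#source s_src {
#   system();
#   internal();
#};
source s_net { tcp(ip(10.228.0.11) port(514)); };
destination d_console { usertty("root"); };\r
destination d_es { file("/var/log/es-test.log"); };
filter f_debug { level(debug); };
filter f_crit { level(crit .. emerg) and not filter(f_debug); };
log { source(s_src); filter(f_crit); destination(d_console); };
log { source(s_net); destination(d_es); flags(flow-control); };
'''

KINDS = r'(source|filter|destination|parser)'
# "source s_net {" defines an object; "source(s_net)" references one.
DEF_RE = re.compile(r'^\s*' + KINDS + r'\s+([\w.-]+)\s*\{', re.M)
REF_RE = re.compile(r'\b' + KINDS + r'\s*\(\s*([\w.-]+)\s*\)')

def lint(raw: bytes):
    """Return sorted (line, message) findings for a syslog-ng config."""
    findings = [(n, 'carriage return')
                for n, line in enumerate(raw.split(b'\n'), 1) if b'\r' in line]
    # Blank out comments but keep newlines so line numbers stay correct.
    # Assumption: no '#' appears inside a quoted string.
    text = re.sub(r'#[^\n]*', '', raw.decode('utf-8', 'replace'))
    defined = set(DEF_RE.findall(text))
    for m in REF_RE.finditer(text):
        if m.groups() not in defined:
            line = text.count('\n', 0, m.start()) + 1
            findings.append((line, 'undefined %s %s' % m.groups()))
    return sorted(findings)

if __name__ == '__main__':
    for line, msg in lint(SAMPLE):
        print('line %d: %s' % (line, msg))
```

A collector that refuses to start on a configuration error forwards nothing to Elasticsearch, so a check like this is worth running before a changed file is deployed.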