[syslog-ng] Difficulty with Elasticsearch Destination

Peter Kokai (pkokai) Peter.Kokai at oneidentity.com
Sun Jun 16 06:44:14 UTC 2019 

Hello,

Please check which version of the documentation you use, most likely you obtained the latest instead of 3.8.1 (your version).

The elasticsearch-http was introduced in the  https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.21.1 see the release notes.

--
Kokan

Get Outlook for Android<https://aka.ms/ghei36>

________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Kelly Marchewa <kelly_marchewa at yahoo.com>
Sent: Sunday, June 16, 2019 3:19:05 AM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Difficulty with Elasticsearch Destination

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.


Greetings all:

I recently installed syslog-ng on my Debian 9 system. I have tested syslog-ng with a file destination and everything seemed fine. Now, I am attempting?? to set the destination to my local Elasticsearch instance. However, I am receiving the following error:

Error parsing destination, destination plugin elasticsearch-http not found in /etc/syslog-ng/syslog-ng.conf at line 44, column 1:

elasticsearch-http(

^^^^^^^^^^^^^^^^^^

My configuration, based on the documentation:

elasticsearch-http(
?? index("syslog")
?? type("test")
?? url("http:/localhost:9200/_bulk"<http:/localhost:9200/_bulk>));
};


Output of syslog-ng --version:

syslog-ng 3.8.1
Installer-Version: 3.8.1
Revision: 3.8.1-10
Module-Directory: /usr/lib/syslog-ng/3.8
Module-Path: /usr/lib/syslog-ng/3.8
Available-Modules: disk-buffer,redis,date,afstomp,afprog,afsocket,pseudofile,confgen,csvparser,afsql,kvformat,geoip-plugin,afuser,afsmtp,system-source,mod-python,afamqp,riemann,linux-kmsg-format,dbparser,basicfuncs,syslogformat,graphite,afmongodb,json-plugin,cryptofuncs,affile,sdjournal,cef,add-contextual-data
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off

I saw no indication in the documentation that any special modules/plugins needed to be loaded to use Elasticsearch as the destination. Any pointers as to what the issue is would be appreciated.??

Thanks!
--
Kelly Marchewa
kelly_marchewa at yahoo.com<mailto:kelly_marchewa at yahoo.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190616/98d51a09/attachment.html>

More information about the syslog-ng mailing list