[syslog-ng] source plugin network not found/problems getting syslog-ng to listen on tcp port

Péter, Kókai peter.kokai at oneidentity.com
Wed May 1 16:46:41 UTC 2019 

Hello,

It either looks for a wrong place for the network module or that actually
really not installed.

You could run the following: syslog-ng -V
That should provide something like this:

syslog-ng 3.20.1.317.g98479aa
Config version: 3.20
Installer-Version: 3.20.1.317.g98479aa
Revision: 3.20.1.317.g98479aa
Module-Directory: /tmp/install/lib/syslog-ng
Module-Path: /tmp/install/lib/syslog-ng
Include-Path: /tmp/install/share/syslog-ng/include
Available-Modules:
xml,tags-parser,system-source,sdjournal,syslogformat,stardate,snmptrapd_parser,riemann,mod-python,pseudofile,pacctformat,map_value_pairs,linux-kmsg-format,kvformat,json-plugin,http,hook-commands,graphite,tfgetent,geoip2-plugin,geoip-plugin,examples,disk-buffer,dbparser,date,csvparser,cryptofuncs,confgen,cef,basicfuncs,appmodel,afuser,afstomp,afsql,afsocket,afprog,affile,afamqp,add_contextual_data
Enable-Debug: on
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: on
Enable-Systemd: on

Check if the "Available-Modules" line has the *afsocket*, if the *afsocket*
is not listed there, try to look in the "Module-Path:" directory for
*libafsocket.so", if it is missing maybe it is actually in a different
package, you may need to install something like syslog-ng-mod-afsocket.

If you find the *libafsocket.so* in the directory I would run
syslog-ng --module-registry -dvt (possibly past its result here) or look
for error message as why it cannot load *libafsocket.so*.


--
Kokan

On Wed, May 1, 2019 at 5:22 PM Simon Tyler <simon.tyler at aon.com> wrote:

> Hello,
>
>
>
> I’m new to syslog-ng, and I’m having some trouble just getting it to
> listen on a tcp port. I’ve tried several different configurations. Some of
> the start up with no error, but a netstat or lsof command shows that there
> is no open /listening tcp port associated with the process. I’m pretty sure
> my mistake is basic or fundamental, but I haven’t had much luck finding
> specific details to resolve this issue; there is a fair amount of material
> to comb through. I’ve tried several different tutorials.
>
>
>
> I want a central log server that accepts logs from multiple sources, so I
> started by trying to configure it to listen on a tcp port, I’m thinking 514
> because we don’t use rshell anywhere, but it doesn’t really matter what
> port.
>
>
>
> The current error I’m getting is:
>
>
>
> [root at ip-10-8-41-60 syslog-ng]# service syslog-ng start
>
> Error parsing source, source plugin network not found in
> /etc/syslog-ng/syslog-ng.conf at line 85, column 2:
>
>
>
>         network(
>
>         ^^^^^^^
>
>
>
> The section of the config file related to networking is below; I’ve
> commented out several attempts.
>
>
>
> # s_net = Network listener. This is listening on TCP port 514, no UDP
>
> #source s_net { tcp(port(514) max-connections(5000)); udp();};
>
>
>
> #source s_net {
>
> #       tcp(ip(10.8.41.60) port(514));
>
> #};
>
>
>
> #source s_net {
>
> #       network(ip(10.8.41.60) port(514));
>
> #};
>
>
>
> #source s_network {
>
> #       default-network-drivers();
>
> #};
>
>
>
> #source s_syslog { syslog(
>
> #               ip(10.8.41.60) port(514) transport("tcp")); };
>
>
>
> source s_network {
>
>         network(
>
>                 ip("10.8.41.60")
>
>                 transport("tcp")
>
>                 listen-backlog(2048)
>
>                 );
>
> };
>
>
>
> There is a line at the top of the file:
>
> @include "scl.conf"
>
>
>
> I’ve attached the entire file.
>
>
>
> Any guidance would be very much appreciated,
>
>
>
> *Simon Tyler  *|  Senior Systems Administrator - PathWise Solutions Group
> Aon
> 225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
> t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
> *simon.tyler at aon.com <simon.tyler at aon.com>*
>
> *PLEASE NOTE that my email address has changed to simon.tyler at aon.com
> <http://simon.tyler@aon.com>*
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190501/715578b1/attachment-0001.html>

More information about the syslog-ng mailing list