[syslog-ng] syslog-ng Digest, Vol 169, Issue 3

Péter, Kókai peter.kokai at oneidentity.com
Thu May 2 16:43:29 UTC 2019


Hello,

A really dumb question, but is your source used in any logpath?
If not, try to use it in one logpath.

--
Kokan

On Thu, May 2, 2019 at 5:32 PM Simon Tyler <simon.tyler at aon.com> wrote:

> Hi Peter,
>
> I commented out the network entry and uncommented this tcp entry:
> source s_net {
>         tcp(ip(10.8.41.60) port(514));
> };
>
> I can see syslog-ng start up and process local log messages:
>
> [root at ip-10-8-41-60 syslog-ng]# syslog-ng --debug
> Trying to open module; module='syslogformat',
> filename='/lib64/syslog-ng/libsyslogformat.so'
> Trying to open module; module='basicfuncs',
> filename='/lib64/syslog-ng/libbasicfuncs.so'
> Trying to open module; module='afsocket',
> filename='/lib64/syslog-ng/libafsocket.so'
> Trying to open module; module='affile',
> filename='/lib64/syslog-ng/libaffile.so'
> Trying to open module; module='afprog',
> filename='/lib64/syslog-ng/libafprog.so'
> Trying to open module; module='afuser',
> filename='/lib64/syslog-ng/libafuser.so'
> Trying to open module; module='dbparser',
> filename='/lib64/syslog-ng/libdbparser.so'
> Trying to open module; module='csvparser',
> filename='/lib64/syslog-ng/libcsvparser.so'
> Trying to open module; module='afsql',
> filename='/lib64/syslog-ng/libafsql.so'
> Starting to read include file; filename='/etc/syslog-ng/scl.conf',
> depth='1'
> Global value changed; define='scl-root',
> value='/usr/share/syslog-ng/include/scl'
> Global value changed; define='include-path',
> value='/etc/syslog-ng:/usr/share/syslog-ng/include'
> Starting to read include file; filename='/etc/syslog-ng/modules.conf',
> depth='2'
> Global value changed; define='autoload-compiled-modules', value='0'
> Trying to open module; module='syslogformat',
> filename='/lib64/syslog-ng/libsyslogformat.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='format', name='syslog'
> Trying to open module; module='basicfuncs',
> filename='/lib64/syslog-ng/libbasicfuncs.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='template-func', name='echo'
> Attempted to register the same plugin multiple times, ignoring;
> context='template-func', name='grep'
> Attempted to register the same plugin multiple times, ignoring;
> context='template-func', name='if'
> Trying to open module; module='afsocket',
> filename='/lib64/syslog-ng/libafsocket.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='unix-stream'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='unix-stream'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='unix-dgram'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='unix-dgram'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='tcp'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='tcp'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='tcp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='tcp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='udp'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='udp'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='udp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='udp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='syslog'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='syslog'
> Trying to open module; module='affile',
> filename='/lib64/syslog-ng/libaffile.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='file'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='pipe'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='file'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='pipe'
> Trying to open module; module='afprog',
> filename='/lib64/syslog-ng/libafprog.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='program'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='program'
> Trying to open module; module='afuser',
> filename='/lib64/syslog-ng/libafuser.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='usertty'
> Trying to open module; module='dbparser',
> filename='/lib64/syslog-ng/libdbparser.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='parser', name='db-parser'
> Trying to open module; module='csvparser',
> filename='/lib64/syslog-ng/libcsvparser.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='parser', name='csv-parser'
> Finishing include; filename='/etc/syslog-ng/modules.conf', depth='2'
> Starting to read include file;
> filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
> Trying to open module; module='confgen',
> filename='/lib64/syslog-ng/libconfgen.so'
> Finishing include;
> filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
> Starting to read include file;
> filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
> Finishing include;
> filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
> Starting to read include file;
> filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
> depth='2'
> Trying to open module; module='confgen',
> filename='/lib64/syslog-ng/libconfgen.so'
> Finishing include;
> filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
> depth='2'
> Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
> Running application hooks; hook='1'
> Running application hooks; hook='3'
> syslog-ng starting up; version='3.2.5'
> Incoming log entry; line='<30>May  2 15:20:55 dhclient[1689]: XMT: Solicit
> on eth0, interval 129080ms.'
>
> But, there is no syslog process listening on port 514 or any other port.
> I did try upgrading to a more recent version 3.19 from here:
> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng319/repo/epel-7/czanik-syslog-ng319-epel-7.repo
> however this is an Amazon linux instance and it appears to conflict with
> some of the operating system packages.
>
> I thought I would check in with you one more time to see if you have any
> other suggestions; otherwise, I can try Centos and a more recent version of
> syslog-ng.
>
> Thanks again for your help,
>
> Simon Tyler  |  Senior Systems Administrator - PathWise Solutions Group
> Aon
> 225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
> t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
> simon.tyler at aon.com
> PLEASE NOTE that my email address has changed to simon.tyler at aon.com
>
>
> -----Original Message-----
> From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of
> syslog-ng-request at lists.balabit.hu
> Sent: Thursday, May 02, 2019 1:23 AM
> To: syslog-ng at lists.balabit.hu
> Subject: syslog-ng Digest, Vol 169, Issue 3
>
> Send syslog-ng mailing list submissions to
>         syslog-ng at lists.balabit.hu
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.balabit.hu/mailman/listinfo/syslog-ng
> or, via email, send a message with subject or body 'help' to
>         syslog-ng-request at lists.balabit.hu
>
> You can reach the person managing the list at
>         syslog-ng-owner at lists.balabit.hu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of syslog-ng digest..."
>
>
> Today's Topics:
>
>    1. Re:  syslog-ng Digest, Vol 169, Issue 1 (Péter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 2 May 2019 07:22:28 +0200
> From: Péter, Kókai <peter.kokai at oneidentity.com>
> To: "Syslog-ng users' and developers' mailing list"
>         <syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] syslog-ng Digest, Vol 169, Issue 1
> Message-ID:
>         <CABxQCphefFz0VVvGYVkGzMr6GzUPbeHVp3b8Gq_fbgcRazKJaQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> Okay, I see it now. You are using a version (3.2) which, as far as I can see,
> did not have the *network* keyword at all.
> Instead of *network*, you could use tcp, udp, tls, ...
>
> Or even better, upgrade to something much newer if possible :)
>
> The "Available-Modules" line is also a later feature, so that was the reason the
> list of modules did not show up, not the lack of them.
>
> --
> Kokan
>
> On Wed, May 1, 2019 at 9:41 PM Simon Tyler <simon.tyler at aon.com> wrote:
>
> > Hi Kohan,
> >
> > It appears that modules are not loading?
> >
> > [root at ip-10-8-41-60 syslog-ng]# syslog-ng -V
> > syslog-ng 3.2.5
> > Installer-Version: 3.2.5
> > Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.2#master#9d4bea28198bd731df1a61e980a2af5b88d81116
> > Compile-Date: Jul 25 2014 15:20:50
> > Enable-Threads: on
> > Enable-Debug: off
> > Enable-GProf: off
> > Enable-Memtrace: off
> > Enable-Sun-STREAMS: off
> > Enable-IPv6: on
> > Enable-Spoof-Source: on
> > Enable-TCP-Wrapper: on
> > Enable-SSL: off
> > Enable-SQL: on
> > Enable-Linux-Caps: off
> > Enable-Pcre: on
> > Enable-Pacct: off
> >
> > -------------------------------------------------------------
> > I tried putting full path to modules.conf in scl.conf:
> >
> > [root at ip-10-8-41-60 syslog-ng]# cat scl.conf
> >
> > #############################################################################
> > # Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
> > #
> > # This program is free software; you can redistribute it and/or modify it
> > # under the terms of the GNU General Public License version 2 as published
> > # by the Free Software Foundation, or (at your option) any later version.
> > #
> > # As an additional exemption you are allowed to compile & link against the
> > # OpenSSL libraries as published by the OpenSSL project. See the file
> > # COPYING for details.
> > #
> > # This program is distributed in the hope that it will be useful,
> > # but WITHOUT ANY WARRANTY; without even the implied warranty of
> > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > # GNU General Public License for more details.
> > #
> > # You should have received a copy of the GNU General Public License
> > # along with this program; if not, write to the Free Software
> > # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
> > #
> > #############################################################################
> > #
> > # This file is placed into /etc/syslog-ng in order to make it trivial to
> > # include in user written syslog-ng.conf files.  It sets up 'scl-root' and
> > # `include-path`, then includes all SCL supplied plugins.
> > #
> >
> > @define scl-root "`syslog-ng-data`/include/scl"
> > @define include-path "`include-path`:`syslog-ng-data`/include"
> >
> > #@include 'modules.conf'
> > @include '/etc/syslog-ng/modules.conf'
> > @include 'scl/system/plugin.conf'
> > @include 'scl/pacct/plugin.conf'
> > @include 'scl/syslogconf/plugin.conf'
> >
> > ---------------------------------------------------
> > Debug it seems to be trying to open modules, and it knows where they
> > live:
> > [root at ip-10-8-41-60 syslog-ng]# syslog-ng --debug
> > Trying to open module; module='syslogformat',
> > filename='/lib64/syslog-ng/libsyslogformat.so'
> > Trying to open module; module='basicfuncs',
> > filename='/lib64/syslog-ng/libbasicfuncs.so'
> > Trying to open module; module='afsocket',
> > filename='/lib64/syslog-ng/libafsocket.so'
> > Trying to open module; module='affile',
> > filename='/lib64/syslog-ng/libaffile.so'
> > Trying to open module; module='afprog',
> > filename='/lib64/syslog-ng/libafprog.so'
> > Trying to open module; module='afuser',
> > filename='/lib64/syslog-ng/libafuser.so'
> > Trying to open module; module='dbparser',
> > filename='/lib64/syslog-ng/libdbparser.so'
> > Trying to open module; module='csvparser',
> > filename='/lib64/syslog-ng/libcsvparser.so'
> > Trying to open module; module='afsql',
> > filename='/lib64/syslog-ng/libafsql.so'
> > Starting to read include file; filename='/etc/syslog-ng/scl.conf',
> > depth='1'
> > Global value changed; define='scl-root',
> > value='/usr/share/syslog-ng/include/scl'
> > Global value changed; define='include-path',
> > value='/etc/syslog-ng:/usr/share/syslog-ng/include'
> > Starting to read include file; filename='/etc/syslog-ng/modules.conf',
> > depth='2'
> > Global value changed; define='autoload-compiled-modules', value='0'
> > Trying to open module; module='syslogformat',
> > filename='/lib64/syslog-ng/libsyslogformat.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='format', name='syslog'
> > Trying to open module; module='basicfuncs',
> > filename='/lib64/syslog-ng/libbasicfuncs.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='template-func', name='echo'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='template-func', name='grep'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='template-func', name='if'
> > Trying to open module; module='afsocket',
> > filename='/lib64/syslog-ng/libafsocket.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='unix-stream'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='unix-stream'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='unix-dgram'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='unix-dgram'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='tcp'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='tcp'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='tcp6'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='tcp6'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='udp'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='udp'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='udp6'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='udp6'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='syslog'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='syslog'
> > Trying to open module; module='affile',
> > filename='/lib64/syslog-ng/libaffile.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='file'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='pipe'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='file'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='pipe'
> > Trying to open module; module='afprog',
> > filename='/lib64/syslog-ng/libafprog.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='source', name='program'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='program'
> > Trying to open module; module='afuser',
> > filename='/lib64/syslog-ng/libafuser.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='destination', name='usertty'
> > Trying to open module; module='dbparser',
> > filename='/lib64/syslog-ng/libdbparser.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='parser', name='db-parser'
> > Trying to open module; module='csvparser',
> > filename='/lib64/syslog-ng/libcsvparser.so'
> > Attempted to register the same plugin multiple times, ignoring;
> > context='parser', name='csv-parser'
> > Finishing include; filename='/etc/syslog-ng/modules.conf', depth='2'
> > Starting to read include file;
> > filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
> > Trying to open module; module='confgen',
> > filename='/lib64/syslog-ng/libconfgen.so'
> > Finishing include;
> > filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
> > Starting to read include file;
> > filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
> > Finishing include;
> > filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
> > Starting to read include file;
> > filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
> > depth='2'
> > Trying to open module; module='confgen',
> > filename='/lib64/syslog-ng/libconfgen.so'
> > Finishing include;
> > filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
> > depth='2'
> > Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
> > Error parsing source, source plugin network not found in
> > /etc/syslog-ng/syslog-ng.conf at line 85, column 2:
> >
> >         network(
> >         ^^^^^^^
> > ---------------------------------------------------------------
> > It is not clear to me what the name is for network module; here are the
> > modules in the file system:
> > [root at ip-10-8-41-60 syslog-ng]# ls /lib64/syslog-ng/
> > libaffile.so  libafsocket-notls.so  libafsql.so   libbasicfuncs.so
> > libconvertfuncs.so  libdbparser.so  libsyslogformat.so
> > libafprog.so  libafsocket.so        libafuser.so  libconfgen.so
> >  libcsvparser.so     libdummy.so
> >
> > Thank you for your advice,
> >
> >
> >
> >
> > Simon Tyler  |  Senior Systems Administrator - PathWise Solutions Group
> > Aon
> > 225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
> > t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
> > simon.tyler at aon.com
> > PLEASE NOTE that my email address has changed to simon.tyler at aon.com
> >
> >
> >
> > -----Original Message-----
> > From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of
> > syslog-ng-request at lists.balabit.hu
> > Sent: Wednesday, May 01, 2019 12:47 PM
> > To: syslog-ng at lists.balabit.hu
> > Subject: syslog-ng Digest, Vol 169, Issue 1
> >
> >
> > Today's Topics:
> >
> >    1.  source plugin network not found/problems getting syslog-ng
> >       to listen on tcp port (Simon Tyler)
> >    2. Re:  source plugin network not found/problems getting
> >       syslog-ng to listen on tcp port (Péter)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Wed, 1 May 2019 15:22:26 +0000
> > From: Simon Tyler <simon.tyler at aon.com>
> > To: "syslog-ng at lists.balabit.hu" <syslog-ng at lists.balabit.hu>
> > Subject: [syslog-ng] source plugin network not found/problems getting
> >         syslog-ng to listen on tcp port
> > Message-ID:
> >         <DM5P170MB0015DD8BF273A79D22817BAAFB3B0 at DM5P170MB0015.NAMP170.PROD.OUTLOOK.COM>
> >
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hello,
> >
> > I'm new to syslog-ng, and I'm having some trouble just getting it to
> > listen on a tcp port. I've tried several different configurations. Some of
> > them start up with no error, but a netstat or lsof command shows that there
> > is no open/listening tcp port associated with the process. I'm pretty sure
> > my mistake is basic or fundamental, but I haven't had much luck finding
> > specific details to resolve this issue; there is a fair amount of material
> > to comb through. I've tried several different tutorials.
> >
> > I want a central log server that accepts logs from multiple sources, so I
> > started by trying to configure it to listen on a tcp port, I'm thinking 514
> > because we don't use rshell anywhere, but it doesn't really matter what
> > port.
> >
> > The current error I'm getting is:
> >
> > [root at ip-10-8-41-60 syslog-ng]# service syslog-ng start
> > Error parsing source, source plugin network not found in
> > /etc/syslog-ng/syslog-ng.conf at line 85, column 2:
> >
> >         network(
> >         ^^^^^^^
> >
> > The section of the config file related to networking is below; I've
> > commented out several attempts.
> >
> > # s_net = Network listener. This is listening on TCP port 514, no UDP
> > #source s_net { tcp(port(514) max-connections(5000)); udp();};
> >
> > #source s_net {
> > #       tcp(ip(10.8.41.60) port(514));
> > #};
> >
> > #source s_net {
> > #       network(ip(10.8.41.60) port(514));
> > #};
> >
> > #source s_network {
> > #       default-network-drivers();
> > #};
> >
> > #source s_syslog { syslog(
> > #               ip(10.8.41.60) port(514) transport("tcp")); };
> >
> > source s_network {
> >         network(
> >                 ip("10.8.41.60")
> >                 transport("tcp")
> >                 listen-backlog(2048)
> >                 );
> > };
> >
> > There is a line at the top of the file:
> > @include "scl.conf"
> >
> > I've attached the entire file.
> >
> > Any guidance would be very much appreciated,
> >
> > Simon Tyler  |  Senior Systems Administrator - PathWise Solutions Group
> > Aon
> > 225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
> > t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
> > simon.tyler at aon.com<mailto:simon.tyler at aon.com>
> > PLEASE NOTE that my email address has changed to simon.tyler at aon.com
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> >
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190501/4cfbf496/attachment-0001.html
> > >
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: syslog-ng.conf
> > Type: application/octet-stream
> > Size: 4159 bytes
> > Desc: syslog-ng.conf
> > URL: <
> >
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190501/4cfbf496/attachment-0001.obj
> > >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Wed, 1 May 2019 18:46:41 +0200
> > From: Péter, Kókai <peter.kokai at oneidentity.com>
> > To: "Syslog-ng users' and developers' mailing list"
> >         <syslog-ng at lists.balabit.hu>
> > Subject: Re: [syslog-ng] source plugin network not found/problems
> >         getting syslog-ng to listen on tcp port
> > Message-ID:
> >         <CABxQCphBGgTm47G=KVSB67Ri6BRKUZYgX-HvAj1SrS9ofMoaoQ at mail.gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hello,
> >
> > It is either looking in the wrong place for the network module, or it is
> > actually not installed.
> >
> > You could run the following: syslog-ng -V
> > That should provide something like this:
> >
> > syslog-ng 3.20.1.317.g98479aa
> > Config version: 3.20
> > Installer-Version: 3.20.1.317.g98479aa
> > Revision: 3.20.1.317.g98479aa
> > Module-Directory: /tmp/install/lib/syslog-ng
> > Module-Path: /tmp/install/lib/syslog-ng
> > Include-Path: /tmp/install/share/syslog-ng/include
> > Available-Modules: xml,tags-parser,system-source,sdjournal,syslogformat,stardate,snmptrapd_parser,riemann,mod-python,pseudofile,pacctformat,map_value_pairs,linux-kmsg-format,kvformat,json-plugin,http,hook-commands,graphite,tfgetent,geoip2-plugin,geoip-plugin,examples,disk-buffer,dbparser,date,csvparser,cryptofuncs,confgen,cef,basicfuncs,appmodel,afuser,afstomp,afsql,afsocket,afprog,affile,afamqp,add_contextual_data
> > Enable-Debug: on
> > Enable-GProf: off
> > Enable-Memtrace: off
> > Enable-IPv6: on
> > Enable-Spoof-Source: off
> > Enable-TCP-Wrapper: off
> > Enable-Linux-Caps: on
> > Enable-Systemd: on
> >
> > Check if the "Available-Modules" line has *afsocket*. If *afsocket*
> > is not listed there, try to look in the "Module-Path:" directory for
> > *libafsocket.so*. If it is missing, maybe it is actually in a different
> > package; you may need to install something like syslog-ng-mod-afsocket.
> >
> > If you find *libafsocket.so* in the directory, I would run
> > syslog-ng --module-registry -dvt (possibly paste its result here) or look
> > for an error message as to why it cannot load *libafsocket.so*.
> >
> >
> > --
> > Kokan
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >
> >
> > ------------------------------
> >
> > End of syslog-ng Digest, Vol 169, Issue 1
> > *****************************************
> >
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
> >
>
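
The check suggested in the reply at the top of this message (is the source used in any logpath?), combined with the earlier point in the thread that 3.2 has no network() driver, as an added example that is not part of the thread or of syslog-ng itself. It is a small Python linter run over a constructed configuration; SAMPLE_CONF, MISSING_IN_3_2, d_messages, s_local and the function names are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the thread: the tcp() source is defined,
# but no log path references it. Names other than s_net are assumptions.
SAMPLE_CONF = r'''
@include "scl.conf"
source s_local { unix-stream("/dev/log"); internal(); };
#source s_network { network(ip("10.8.41.60") transport("tcp")); };
source s_net {
        tcp(ip(10.8.41.60) port(514));   # driver that exists in 3.2
};
destination d_messages { file("/var/log/messages"); };
log { source(s_local); destination(d_messages); };
'''

# Drivers the thread reports as missing from syslog-ng 3.2.
MISSING_IN_3_2 = {"network"}

_STRING_OR_COMMENT = re.compile(r'("(?:\\.|[^"\\])*"|\'[^\']*\')|#[^\n]*')
_IDENT = re.compile(r"[A-Za-z_][\w.\-]*")


def strip_comments(conf):
    """Drop '#' comments but keep quoted strings that contain '#'."""
    return _STRING_OR_COMMENT.sub(lambda m: m.group(1) or "", conf)


def block_body(text, open_brace):
    """Return the text between the brace at open_brace and its match.

    Braces inside quoted strings are counted too, which is fine as long
    as they are balanced (e.g. "${HOST}").
    """
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in configuration")


def top_level_calls(body):
    """Names called at parenthesis depth 0, e.g. the drivers of a source."""
    names, depth, i = [], 0, 0
    while i < len(body):
        if body[i] == "(":
            depth += 1
        elif body[i] == ")":
            depth -= 1
        elif depth == 0:
            m = _IDENT.match(body, i)
            if m:
                if body[m.end():].lstrip().startswith("("):
                    names.append(m.group())
                i = m.end()
                continue
        i += 1
    return names


def audit_sources(conf, missing_drivers=MISSING_IN_3_2):
    """Map each defined source to its drivers and whether a log path uses it."""
    text = strip_comments(conf)
    referenced = set()
    for m in re.finditer(r"(?<![\w.\-])log\s*\{", text):
        body = block_body(text, m.end() - 1)
        referenced.update(re.findall(r"\bsource\s*\(\s*([\w.\-]+)\s*\)", body))
    report = {}
    for m in re.finditer(r"(?<![\w.\-])source\s+([\w.\-]+)\s*\{", text):
        drivers = top_level_calls(block_body(text, m.end() - 1))
        report[m.group(1)] = {
            "drivers": drivers,
            "in_log_path": m.group(1) in referenced,
            "unavailable": sorted(set(drivers) & set(missing_drivers)),
        }
    return report


if __name__ == "__main__":
    for name, info in audit_sources(SAMPLE_CONF).items():
        state = "used" if info["in_log_path"] else "NOT in any log path"
        print(f"{name}: drivers={info['drivers']} {state} "
              f"unavailable={info['unavailable']}")
```
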