[syslog-ng] syslog-ng and ELK integration

Park, Ethan ethan.park at exac.com
Mon Apr 4 16:22:57 UTC 2022


Greetings,

I don't know if this is the right place to ask this question, but I will give it a shot. We are running a syslog-ng server and we want to use Kibana as a visualization tool.
I got stuck at this point when configuring the conf.d file.

source s_tcp {
        # Listen on TCP and UDP 514; binding a port below 1024 needs root or CAP_NET_BIND_SERVICE.
        tcp(ip("0.0.0.0") port("514"));
        udp(ip("0.0.0.0") port("514"));
};

destination d_el {
        # elasticsearch2() is a Java-based destination: it needs the mod-java plugin
        # and the Elasticsearch client jars to be present on the module path.
        elasticsearch2(
                client-mode("http")
                index("syslog-ng")
                type("test")
                cluster-url("http://10.1.3.222:9200")   # string values must be quoted
        );
        #file("/var/log/networks/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY.log");
};

log {
        source(s_tcp);
        destination(d_el);
        flags(flow-control);
};

If I start the syslog-ng daemon, I get the error below.

Apr 04 11:54:42 syslog-ng syslog-ng[22294]: [2022-04-04T11:54:42.443764] Plugin module not found in 'module-path'; module-path='/usr/lib/syslog-ng/3.13', module='mod-java'
Apr 04 11:54:42 syslog-ng syslog-ng[22294]: Error parsing destination, destination plugin elasticsearch2 not found in /etc/syslog-ng/conf.d/firewals.conf at line 10, column
Apr 04 11:54:42 syslog-ng syslog-ng[22294]:                                                             included from /etc/syslog-ng/syslog-ng.conf line 163, column 1
Apr 04 11:54:42 syslog-ng syslog-ng[22294]:         elasticsearch2(
Apr 04 11:54:42 syslog-ng syslog-ng[22294]:         ^^^^^^^^^^^^^^
Apr 04 11:54:42 syslog-ng syslog-ng[22294]: syslog-ng documentation: https://www.balabit.com/support/documentation?product=syslog-ng-ose
Apr 04 11:54:42 syslog-ng syslog-ng[22294]: contact: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Apr 04 11:54:42 syslog-ng systemd[1]: syslog-ng.service: Main process exited, code=exited, status=1/FAILURE
Apr 04 11:54:42 syslog-ng systemd[1]: syslog-ng.service: Failed with result 'exit-code'.
Apr 04 11:54:42 syslog-ng systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed

I am running syslog-ng 3.13; what did I miss?
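The error above says the Java plugin (mod-java) is not installed, so the elasticsearch2() destination cannot load. The configuration below is an added example, not part of the original post or the syslog-ng project's documentation: it shows the Java route with the missing module installed, and a Java-free route using the curl-based http() destination that 3.13 already ships. Only the host 10.1.3.222 and the index name come from the post; the package names, the jar directory, the Elasticsearch version and the credentials are assumptions.

```conf
@version: 3.13
# Added example (not from the original post). Check it with
#   syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf
# before restarting the service.

source s_net {
    tcp(ip("0.0.0.0") port("514"));
    udp(ip("0.0.0.0") port("514"));
};

# Option A: keep elasticsearch2(). It is a Java destination, so
# "Plugin module not found ... module='mod-java'" means the Java plugin
# package is missing. Install it (typically syslog-ng-mod-java on
# Debian/Ubuntu, syslog-ng-java on RHEL/EPEL), put the Elasticsearch
# client jars in the client-lib-dir() path (assumed path below) and quote
# the URL, which the original config left bare.
destination d_es_java {
    elasticsearch2(
        client-mode("http")
        cluster-url("http://10.1.3.222:9200")
        client-lib-dir("/usr/share/elasticsearch/lib")
        index("syslog-ng")
        type("test")
    );
};

# Option B: no Java at all. http() POSTs one JSON document per message to
# the Elasticsearch index API. Assumes Elasticsearch 6.x (typed endpoint);
# on 7.x and later use /syslog-ng/_doc instead. user()/password() and a
# tls() block keep the log stream off the wire in cleartext; the values
# below are placeholders.
destination d_es_http {
    http(
        url("https://10.1.3.222:9200/syslog-ng/test")
        method("POST")
        headers("Content-Type: application/json")
        user("syslog-writer") password("CHANGE-ME")
        tls(ca-file("/etc/syslog-ng/es-ca.pem"))
        body("$(format-json --scope rfc5424 --key ISODATE)")
    );
};

log {
    source(s_net);
    destination(d_es_http);   # or d_es_java once mod-java loads
    flags(flow-control);
};
```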