syslog-ng Ubuntu
December 15, 2017
Errors you may get:
Can't find class; class_name='org.syslog_ng.elasticsearch_v2.ElasticSearchDestination'
Working configuration:
# Pin the configuration syntax to the syslog-ng 3.13 release this page was written for.
@version:3.13
# Load the Java module; the elasticsearch2() destination below is Java-based and
# needs it (plus a correct client-lib-dir classpath) or syslog-ng fails with the
# "Can't find class ... ElasticSearchDestination" error shown above.
@module mod-java
@include "scl.conf"
# Global options applied to every source/destination unless overridden.
options {
flush_lines(0);
keep_hostname(yes);
normalize_hostnames(yes);
threaded(yes);
};
# Local messages: the platform's system log source plus syslog-ng's own internal messages.
source s_local { system(); internal(); };
# Network receiver: IETF syslog over plain TCP on the driver's default port.
# NOTE(review): no tls() block is configured, so messages arrive unencrypted and
# unauthenticated; any host that can reach the port can submit log lines. Restrict
# the source at the network level or switch transport to tls if peers are untrusted.
source s_network { syslog(transport(tcp)); };
# Catch-all local file destination.
destination d_all { file ("/var/log/all.log"); };
# Elasticsearch (Java/Jest client) destination.
destination d_elastic {
elasticsearch2(
# Colon-separated classpath: the Jest client jars (glob), the Elasticsearch libs and
# the syslog-ng java-modules directory. A wrong or missing entry here is what
# produces the "Can't find class" error quoted at the top of the page.
client-lib-dir("/usr/lib/syslog-ng/3.13/java-modules/elastic-jest-client/*.jar:/usr/share/elasticsearch/lib/:/usr/lib/syslog-ng/3.13/java-modules/")
# HTTP client mode against the URL below.
# NOTE(review): the cluster_url uses plain http:// with no credentials, so log data
# crosses the network in cleartext; use https and an authenticated endpoint where
# Elasticsearch is not on a trusted local segment. Replace the placeholder host.
client_mode("http")
cluster_url("http://your-elasticsearch:9200")
# One index per day, built from syslog-ng's date macros.
index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
type("syslog")
cluster("test")
flush-limit("1000")
# Serialize each message as JSON: RFC 5424 fields plus name-value pairs, with the
# legacy DATE field dropped in favour of an ISODATE key.
template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
time-zone("UTC")
);
};
# Routing: network messages go only to Elasticsearch, local messages only to the file.
# Nothing received from the network is kept in /var/log/all.log.
log { source(s_network); destination(d_elastic); };
log { source(s_local); destination(d_all); };
Notice the client-lib-dir line:
client-lib-dir("/usr/lib/syslog-ng/3.13/java-modules/elastic-jest-client/*.jar:/usr/share/elasticsearch/lib/:/usr/lib/syslog-ng/3.13/java-modules/")