[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
From: Attila Szalai <Attila.Szalai () morganstanley ! com>
Date: 2016-05-12 12:27:29
Message-ID: CAB3Fwiv3g9kuZJBu_xmJ6J6Dxr90+FEMy-kXO3u3a9N7uM2KoA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I'm a bit confused now.
The syslog-ng -Fevd starts the syslog-ng in the foreground. When you press
Ctrl-C or would like to do anything with that terminal, it stop working. If
you want to run the syslog-ng in the long term, you should start it through
the systemctl command. But make sure, that you start the same syslog-ng in
both time and use the same config too.
Also remember that both syslog-ng cannot run in the same time. So you have
to stop the one you started from the console before start it with the
systemctl.
What error do you get when you start with systemctl?
On Thu, May 12, 2016 at 2:21 PM, Ivan Adji - Krstev <akivanradix@gmail.com>
wrote:
> That is how i start any services or restart it or stop it. What i have
> done now is
> 1. systemctl stop syslog-ng
> 2. syslog-ng -Fevd
>
> And i have send you the output of it. I can see that I'm receiving logs
> from the clients, but im really confused how is working when its shutdown.
> Now if I execute *systemctl start syslog-ng *ill get the error.
>
> Also i have done the same procedures and they working fine. Now on a newly
> freshed installation i can't get it work.
>
> And i really don't know what to do next and where do i continue with.
>
> Kind regards
> Ivan
>
> On 05/12/2016 02:14 PM, Várady, László wrote:
>
> If I understand your problem correctly, you should just execute 'systemctl
> start syslog-ng' to start it again in daemon mode.
>
> On Thu, May 12, 2016 at 2:09 PM, Ivan Adji - Krstev <akivanradix@gmail.com
> > wrote:
>
> > Yes i guess but the syslog-ng is stop, how is it hes running ? I have
> > execute
> > *systemctl stop syslog-ng *How is that is running. And there is nothing
> > in a process or in a network:
> >
> > [root@syslogserver syslog-ng]# ps axu | grep syslog
> > root 3546 0.0 0.0 112644 964 pts/0 S+ 14:08 0:00 grep
> > --color=auto syslog
> >
> > [root@syslogserver syslog-ng]# lsof | grep LISTEN
> > sshd 825 root 3u IPv4 14259
> > 0t0 TCP *:ssh (LISTEN)
> > sshd 825 root 4u IPv6 14261
> > 0t0 TCP *:ssh (LISTEN)
> > mongod 1544 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1685 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1988 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1989 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1990 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1991 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1992 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1993 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1994 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1995 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1996 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 1999 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 2000 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 2001 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 2002 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > mongod 1544 2003 mongod 6u IPv4 15757
> > 0t0 TCP localhost:27017 (LISTEN)
> > master 1818 root 13u IPv4 16766
> > 0t0 TCP localhost:smtp (LISTEN)
> > master 1818 root 14u IPv6 16767
> > 0t0 TCP localhost:smtp (LISTEN)
> > [root@syslogserver syslog-ng]# netstat -antup | grep 6514
> >
> > [root@syslogserver syslog-ng]#
> >
> >
> > On 05/12/2016 02:03 PM, Várady, László wrote:
> >
> > This output is all about the messages you received, so I think you have a
> > working configuration now.
> >
> > --
> > László Várady
> >
> > On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <
> > akivanradix@gmail.com> wrote:
> >
> > > Sorry about the previus messages i was testing and so that i have put
> > > the wrong path of the certificates here it is *syslog-ng -Fevd *output
> > >
> > > [2016-05-12T13:48:13.274891] Filter rule evaluation begins;
> > > rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
> > > [2016-05-12T13:48:13.274901] Filter node evaluation result;
> > > result='not-match', type='facility'
> > > [2016-05-12T13:48:13.274912] Filter rule evaluation result;
> > > result='not-match', rule='f_cron',
> > > location='/etc/syslog-ng/syslog-ng.conf:60:18'
> > > [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10
> > > syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for
> > > unix-process:3014:242607 (system bus name :1.74, object path
> > > /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
> > > (disconnected from bus)
> > > '
> > > [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11
> > > syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40
> > > [preauth]
> > > '
> > > [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10
> > > syslogserver.novalocal systemd[1]: Stopped System Logger Daemon.
> > > '
> > >
> > > Ivan
> > >
> > > On 05/12/2016 01:43 PM, Várady, László wrote:
> > >
> > > Hi,
> > >
> > > Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before
> > > running 'syslog-ng -Fevd' manually?
> > >
> > > --
> > > László Várady
> > >
> > > On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <
> > > akivanradix@gmail.com> wrote:
> > >
> > > > OK so i get syslog-ng running with the default configuration.... this
> > > > have some problem with the TLS configuration.
> > > >
> > > > What i have done i have create the certificate procedures ( self signed
> > > > certificate ) on my laptop following this article:
> > > > https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html
> > > >
> > > > So i generate the server certificate on my laptop and the other
> > > > certificates for the clients. I copy them and put the configuration.
> > > >
> > > > Any other configuration in syslog-ng.conf to put and try to working
> > > > with TLS ?
> > > >
> > > > Kind regards
> > > >
> > > >
> > > >
> > > > On 05/12/2016 12:42 PM, jrhendri wrote:
> > > >
> > > > This has to be something very basic.
> > > > Have you tried checking if another syslog server is running?
> > > > ps -aef |grep syslog
> > > >
> > > > Assuming this shows nothing, try a very simple syslog-ng config file
> > > > and a manual start on the command line.
> > > >
> > > > Make sure you check all the things in your configuration that your copy
> > > > should open beforehand.
> > > >
> > > > This should narrow down the problem I hope :-)
> > > >
> > > > Jim
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Sent from my Verizon, Samsung Galaxy smartphone
> > > >
> > > > -------- Original message --------
> > > > From: Ivan Adji - Krstev <akivanradix@gmail.com>
> > > > <akivanradix@gmail.com>
> > > > Date: 5/12/16 5:26 AM (GMT-05:00)
> > > > To: syslog-ng@lists.balabit.hu
> > > > Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
> > > >
> > > > So i have install EPEL and i have install syslog-ng and mongodb and
> > > > when i start the syslog-ng service with *syslog-ng -Fevd *command i
> > > > have the following error AGAIN :).
> > > >
> > > > Im not sure what is it and how to prevent it and what to do. But i
> > > > really need this to work :(.
> > > >
> > > > [2016-05-12T05:21:10.739940] Error binding socket;
> > > > addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
> > > > [2016-05-12T05:21:10.739973] Error initializing message pipeline;
> > > >
> > > >
> > > > [root@syslogserver loganalyzer]# netstat -tupl
> > > > Active Internet connections (only servers)
> > > > Proto Recv-Q Send-Q Local Address Foreign Address
> > > > State PID/Program name
> > > > tcp 0 0 localhost:27017 0.0.0.0:*
> > > > LISTEN 1352/mongod
> > > > tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:*
> > > > LISTEN 11377/syslog-ng
> > > > tcp 0 0 0.0.0.0:ssh 0.0.0.0:*
> > > > LISTEN 8562/sshd
> > > > tcp 0 0 localhost:smtp 0.0.0.0:*
> > > > LISTEN 1778/master
> > > > tcp6 0 0 [::]:http [::]:*
> > > > LISTEN 11264/httpd
> > > > tcp6 0 0 [::]:ssh [::]:*
> > > > LISTEN 8562/sshd
> > > > tcp6 0 0 localhost:smtp [::]:*
> > > > LISTEN 1778/master
> > > > udp 0 0 0.0.0.0:bootpc
> > > > 0.0.0.0:* 638/dhclient
> > > > udp 0 0 0.0.0.0:60094
> > > > 0.0.0.0:* 638/dhclient
> > > > udp6 0 0 [::]:3126
> > > > [::]:* 638/dhclient
> > > >
> > > >
> > > >
> > > > [root@syslogserver loganalyzer]# lsof | grep LISTEN
> > > > mongod 1352 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 1393 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2028 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2033 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2034 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2138 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2139 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2141 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2148 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2404 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2446 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2447 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2448 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2449 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2450 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 2451 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > mongod 1352 11380 mongod 6u IPv4 17057
> > > > 0t0 TCP localhost:27017 (LISTEN)
> > > > master 1778 root 13u IPv4 15893
> > > > 0t0 TCP localhost:smtp (LISTEN)
> > > > master 1778 root 14u IPv6 15894
> > > > 0t0 TCP localhost:smtp (LISTEN)
> > > > sshd 8562 root 3u IPv4 23963
> > > > 0t0 TCP *:ssh (LISTEN)
> > > > sshd 8562 root 4u IPv6 23965
> > > > 0t0 TCP *:ssh (LISTEN)
> > > > httpd 11264 root 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11265 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11267 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11268 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11269 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11270 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11275 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11276 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11277 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > httpd 11278 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > > syslog-ng 11377 root 14u IPv4 34906
> > > > 0t0 TCP *:syslog-tls (LISTEN)
> > > > syslog-ng 11377 11378 root 14u IPv4 34906
> > > > 0t0 TCP *:syslog-tls (LISTEN)
> > > > syslog-ng 11377 11541 root 14u IPv4 34906
> > > > 0t0 TCP *:syslog-tls (LISTEN)
> > > > httpd 11384 apache 4u IPv6 32697
> > > > 0t0 TCP *:http (LISTEN)
> > > >
> > > >
> > > >
> > > > and the source config is as follow:
> > > >
> > > > source s_sys {
> > > > system();
> > > > unix-stream("/dev/log");
> > > > internal();
> > > > network(
> > > > port(6514)
> > > > # tcp(port(5140));
> > > > # file("/proc/kmsg" log_prefix("kernel: "));
> > > > transport("tls")
> > > > tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
> > > > cert_file("/etc/syslog-ng/cert.d/servercert.pem")
> > > > ca_dir("/etc/syslog-ng/ca.d"))
> > > > );
> > > > };
> > > >
> > > >
> > > >
> > > >
> > > > destination d_mongodb {
> > > > mongodb(
> > > > # servers("localhost:27017")
> > > > # database("syslog")
> > > > # uri('mongodb://localhost/syslog-ng')
> > > > collection("messages")
> > > > value-pairs(
> > > > scope("selected-macros" "nv-pairs" "sdata")
> > > > )
> > > > );
> > > > };
> > > >
> > > >
> > > > Kind regards
> > > > Ivan
> > > >
> > > > On 05/10/2016 01:35 PM, Czanik, Péter wrote:
> > > >
> > > > Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
> > > > as some of the dependencies are missing from the base \
> > > > distribution:https://fedoraproject.org/wiki/EPEL
> > > > Bye,
> > > > Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com>
> > > > Balabit / syslog-ng \
> > > > upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
> > > >
> > > > On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev<akivanradix@gmail.com> \
> > > > <akivanradix@gmail.com> wrote:
> > > > Hi i note this error of mine but i try the other one:
> > > > https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
> > > > And i have the similar errors when ever i try to install on new CentOS
> > > >
> > > > The procedure im doing is: Fresh installation of CentOS
> > > > yum update
> > > > yum install httpd php vim wget
> > > > then install mongodb ( add repo )
> > > > then install syslog-ng ( add repo )
> > > >
> > > > I'm using: CentOS Linux release 7.2.1511 (Core)
> > > > And im having the following repos:
> > > >
> > > > [root@syslogserver ~]# yum repolist
> > > > Loaded plugins: fastestmirror
> > > > Loading mirror speeds from cached hostfile
> > > > * base: mirror.switch.ch
> > > > * extras: mirror.switch.ch
> > > > * updates: mirror.switch.ch
> > > > repo id
> > > > repo name
> > > > status
> > > > base/7/x86_64
> > > > CentOS-7 - Base
> > > > 9,007
> > > > czanik-syslog-ng37/x86_64
> > > > Copr repo for syslog-ng37 owned by czanik
> > > > 59
> > > > extras/7/x86_64
> > > > CentOS-7 - Extras
> > > > 266
> > > > mongodb-org-3.2/7
> > > > MongoDB Repository
> > > > 35
> > > > updates/7/x86_64
> > > > CentOS-7 - Updates
> > > > 1,437
> > > > repolist: 10,804
> > > >
> > > >
> > > > [root@syslogserver ~]# yum install syslog-ng
> > > > Loaded plugins: fastestmirror
> > > > Loading mirror speeds from cached hostfile
> > > > * base: mirror.switch.ch
> > > > * extras: mirror.switch.ch
> > > > * updates: mirror.switch.ch
> > > > Resolving Dependencies
> > > > --> Running transaction check
> > > > ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
> > > > --> Processing Dependency: ivykis >= 0.36.1 for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libevtlog.so.0()(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libivykis.so.0()(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libnet.so.1()(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Running transaction check
> > > > ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
> > > > ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
> > > > --> Processing Dependency: ivykis >= 0.36.1 for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libevtlog.so.0()(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Processing Dependency: libivykis.so.0()(64bit) for package:
> > > > syslog-ng-3.7.3-3.el7.centos.x86_64
> > > > --> Finished Dependency Resolution
> > > > Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> > > > Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
> > > > Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> > > > Requires: libivykis.so.0()(64bit)
> > > > Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> > > > Requires: ivykis >= 0.36.1
> > > > Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> > > > Requires: libevtlog.so.0()(64bit)
> > > > Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
> > > > Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
> > > > You could try using --skip-broken to work around the problem
> > > > You could try running: rpm -Va --nofiles --nodigest
> > > >
> > > >
> > > > Any idea ?
> > > >
> > > >
> > > > On 05/09/2016 04:09 PM, Czanik, Péter wrote:
> > > >
> > > > Hi,
> > > >
> > > > You should add the repository using the \
> > > > file:https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
> > > > to yum and not just download individual packages. You can use then
> > > > "yum install syslog-ng" which will also download all necessary
> > > > dependencies.
> > > >
> > > > Bye,
> > > > Peter Czanik (CzP) <peter.czanik@balabit.com> <peter.czanik@balabit.com>
> > > > Balabit / syslog-ng \
> > > > upstreamhttp://czanik.blogs.balabit.com/https://twitter.com/PCzanik
> > > >
> > > > On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev<akivanradix@gmail.com> \
> > > > <akivanradix@gmail.com> wrote:
> > > > I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
> > > >
> > > >
> > > > I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
> > > >
> > > > The following errors i get:
> > > >
> > > > --> Finished Dependency Resolution
> > > > Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
> > > > Requires: libevtlog.so.0()(64bit)
> > > > Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
> > > > Requires: libpcre.so.0()(64bit)
> > > > You could try using --skip-broken to work around the problem
> > > > You could try running: rpm -Va --nofiles --nodigest
> > > >
> > > >
> > > > Any hints on this ?
> > > >
> > > > Kind regards
> > > > Ivan
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> > > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > > >
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> > > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > > >
> > > >
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> > > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation: \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > > >
> > > >
> > > >
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation: \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > \
> > > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > > >
> > > >
> > > >
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation:
> > > > http://www.balabit.com/support/documentation/?product=syslog-ng
> > > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > > >
> > > >
> > > >
> > >
> > >
> > > ______________________________________________________________________________
> > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > >
> > >
> > >
> > >
> > > ______________________________________________________________________________
> > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > Documentation:
> > > http://www.balabit.com/support/documentation/?product=syslog-ng
> > > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > >
> > >
> > >
> >
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
> >
> >
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
> >
> >
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
[Attachment #5 (text/html)]
<div dir="ltr"><div>I'm a bit confused now.</div><div><br></div><div>The \
syslog-ng -Fevd starts the syslog-ng in the foreground. When you press Ctrl-C or \
would like to do anything with that terminal, it stop working. If you want to run the \
syslog-ng in the long term, you should start it through the systemctl command. But \
make sure, that you start the same syslog-ng in both time and use the same config \
too.</div><div><br></div><div>Also remember that both syslog-ng cannot run in the \
same time. So you have to stop the one you started from the console before start it \
with the systemctl.</div><div><br></div><div>What error do you get when you start \
with systemctl?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On \
Thu, May 12, 2016 at 2:21 PM, Ivan Adji - Krstev <span dir="ltr"><<a \
href="mailto:akivanradix@gmail.com" \
target="_blank">akivanradix@gmail.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<font face="Helvetica, Arial, sans-serif">That is how i start any
services or restart it or stop it. What i have done now is <br>
1. systemctl stop syslog-ng <br>
2. syslog-ng -Fevd<br>
<br>
And i have send you the output of it. I can see that I'm receiving
logs from the clients, but im really confused how is working when
its shutdown. <br>
Now if I execute <b>systemctl start syslog-ng </b>ill get the
error. <br>
<br>
Also i have done the same procedures and they working fine. Now on
a newly freshed installation i can't get it work.<br>
<br>
And i really don't know what to do next and where do i continue
with. <br>
<br>
Kind regards<span class="HOEnZb"><font color="#888888"><br>
Ivan<br>
</font></span></font><div><div class="h5"><br>
<div>On 05/12/2016 02:14 PM, Várady, László
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">If I understand your problem correctly, you should
just execute 'systemctl start syslog-ng' to start it again in
daemon mode.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, May 12, 2016 at 2:09 PM, Ivan
Adji - Krstev <span dir="ltr"><<a href="mailto:akivanradix@gmail.com" \
target="_blank">akivanradix@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div text="#000000" bgcolor="#FFFFFF"> <font face="Helvetica, Arial, \
sans-serif">Yes i guess but the syslog-ng is stop, how is it hes running ? I have
execute <b>systemctl stop syslog-ng<br>
</b>How is that is running. And there is nothing in a
process or in a network:<br>
<br>
[root@syslogserver syslog-ng]# ps axu | grep syslog<br>
root 3546 0.0 0.0 112644 964 pts/0 S+
14:08 0:00 grep --color=auto syslog<br>
<br>
[root@syslogserver syslog-ng]# lsof | grep LISTEN<br>
sshd 825 root 3u IPv4 \
14259 0t0 TCP *:ssh (LISTEN)<br>
sshd 825 root 4u IPv6 \
14261 0t0 TCP *:ssh (LISTEN)<br>
mongod 1544 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1685 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1988 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1989 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1990 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1991 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1992 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1993 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1994 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1995 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1996 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 1999 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 2000 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 2001 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 2002 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1544 2003 mongod 6u IPv4 \
15757 0t0 TCP localhost:27017 (LISTEN)<br>
master 1818 root 13u IPv4 \
16766 0t0 TCP localhost:smtp (LISTEN)<br>
master 1818 root 14u IPv6 \
16767 0t0 TCP localhost:smtp \
(LISTEN)<span><br> [root@syslogserver syslog-ng]# netstat -antup | grep
6514<br>
<br>
</span> [root@syslogserver syslog-ng]# <br>
<br>
</font>
<div>
<div><br>
<div>On 05/12/2016 02:03 PM, Várady, László wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">This output is all about the messages
you received, so I think you have a working
configuration now.
<div><br>
</div>
<div>--</div>
<div>László Várady</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, May 12, 2016 at
1:49 PM, Ivan Adji - Krstev <span dir="ltr"><<a \
href="mailto:akivanradix@gmail.com" target="_blank"><a \
href="mailto:akivanradix@gmail.com" \
target="_blank">akivanradix@gmail.com</a>></a></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div text="#000000" bgcolor="#FFFFFF"> <font \
face="Helvetica, Arial, sans-serif">Sorry about the previus messages i was testing
and so that i have put the wrong path of
the certificates here it is <b>syslog-ng
-Fevd </b>output<br>
<br>
[2016-05-12T13:48:13.274891] Filter rule
evaluation begins; rule='f_cron',
\
location='/etc/syslog-ng/syslog-ng.conf:60:18'<br> \
[2016-05-12T13:48:13.274901] Filter node
evaluation result; result='not-match',
type='facility'<br>
[2016-05-12T13:48:13.274912] Filter rule
evaluation result; result='not-match',
rule='f_cron',
\
location='/etc/syslog-ng/syslog-ng.conf:60:18'<br> \
[2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10
syslogserver.novalocal polkitd[630]:
Unregistered Authentication Agent for
unix-process:3014:242607 (system bus name
:1.74, object path
/org/freedesktop/PolicyKit1/AuthenticationAgent,
locale en_US.UTF-8) (disconnected from
bus)<br>
'<br>
[2016-05-12T13:48:13.275469] Outgoing
message; message='May 12 13:48:11
syslogserver.novalocal sshd[3012]:
Connection closed by 115.85.192.40
[preauth]<br>
'<br>
[2016-05-12T13:48:13.275519] Outgoing
message; message='May 12 13:48:10
syslogserver.novalocal systemd[1]: Stopped
System Logger Daemon.<br>
'<span><font color="#888888"><br>
<br>
Ivan<br>
</font></span></font><span><br>
<div>On 05/12/2016 01:43 PM, Várady,
László wrote:<br>
</div>
</span>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Did you stop the syslog-ng
daemon (systemctl stop syslog-ng)
before running 'syslog-ng -Fevd'
manually?</div>
<div><br>
</div>
<div>--</div>
<div>László Várady</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, May
12, 2016 at 1:16 PM, Ivan Adji -
Krstev <span dir="ltr"><<a \
href="mailto:akivanradix@gmail.com" target="_blank"><a \
href="mailto:akivanradix@gmail.com" \
target="_blank">akivanradix@gmail.com</a>></a></span> wrote:<br>
<blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div text="#000000" bgcolor="#FFFFFF"> <font \
face="Helvetica, Arial, sans-serif">OK so i get
syslog-ng running with the
default configuration....
this have some problem with
the TLS configuration. <br>
<br>
What i have done i have
create the certificate
procedures ( self signed
certificate ) on my laptop
following this article: <a \
href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html" \
target="_blank"><a href="https://www.balabit.com/sites/default/files/documents/syslog- \
ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html" \
target="_blank">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-la \
test-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html</a><br>
<br>
So i generate the server
certificate on my laptop and
the other certificates for
the clients. I copy them and
put the configuration. <br>
<br>
Any other configuration in
syslog-ng.conf to put and
try to working with TLS ?<br>
<br>
Kind regards<br>
<br>
<br>
</a></font><span><br>
<div>On 05/12/2016 12:42 PM,
jrhendri wrote:<br>
</div>
</span>
<div>
<div>
<blockquote type="cite">
<div>This has to be
something very basic.</div>
<div>Have you tried
checking if another
syslog server is
running? </div>
<div>ps -aef |grep
syslog</div>
<div><br>
</div>
<div>Assuming this shows
nothing, try a very
simple syslog-ng
config file and a
manual start on the
command line. </div>
<div><br>
</div>
<div>Make sure you check
all the things in your
configuration that
your copy should open
beforehand. </div>
<div><br>
</div>
<div>This should narrow
down the problem I
hope :-)</div>
<div><br>
</div>
<div>Jim</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div \
style="color:rgb(87,87,87);font-size:85%" dir="auto">Sent from my Verizon, Samsung
Galaxy smartphone</div>
</div>
<div><br>
</div>
<div \
style="color:rgb(0,0,0);font-size:100%"> <div>-------- Original
message --------</div>
<div>From: Ivan Adji -
Krstev <a \
href="mailto:akivanradix@gmail.com" target="_blank"><a \
href="mailto:akivanradix@gmail.com" target="_blank"><akivanradix@gmail.com></a> \
</a></div> <div>Date: 5/12/16
5:26 AM (GMT-05:00)
</div>
<div>To: <a \
href="mailto:syslog-ng@lists.balabit.hu" target="_blank"><a \
href="mailto:syslog-ng@lists.balabit.hu" \
target="_blank">syslog-ng@lists.balabit.hu</a> </a></div>
<div>Subject: Re:
[syslog-ng]
Installing Syslog-NG
3.7 on CentOS 7 </div>
<div><br>
</div>
</div>
<font face="Helvetica,
Arial, sans-serif">So
i have install EPEL
and i have install
syslog-ng and mongodb
and when i start the
syslog-ng service with
<b>syslog-ng -Fevd </b>command
i have the following
error AGAIN :). <br>
<br>
Im not sure what is it
and how to prevent it
and what to do. But i
really need this to
work :(.<br>
<br>
[2016-05-12T05:21:10.739940]
Error binding socket;
\
addr='AF_INET(0.0.0.0:6514)',
error='Address already
in use (98)'<br>
[2016-05-12T05:21:10.739973]
Error initializing
message pipeline;<br>
<br>
<br>
[root@syslogserver
loganalyzer]# netstat
-tupl <br>
Active Internet
connections (only
servers)<br>
Proto Recv-Q Send-Q
Local
Address
Foreign
Address
State
PID/Program name <br>
tcp 0 0
localhost:27017
0.0.0.0:* \
LISTEN
1352/mongod <br>
tcp 0 0
0.0.0.0:syslog-tls
0.0.0.0:* \
LISTEN
11377/syslog-ng <br>
tcp 0 0
0.0.0.0:ssh
0.0.0.0:* \
LISTEN
8562/sshd <br>
tcp 0 0
localhost:smtp
0.0.0.0:* \
LISTEN
1778/master <br>
tcp6 0 0
[::]:http \
[::]:* \
LISTEN
11264/httpd <br>
tcp6 0 0
[::]:ssh \
[::]:* \
LISTEN
8562/sshd <br>
tcp6 0 0
localhost:smtp
[::]:* \
LISTEN
1778/master <br>
udp 0 0
0.0.0.0:bootpc
0.0.0.0:* \
638/dhclient <br>
udp 0 0 <a \
href="http://0.0.0.0:60094" target="_blank">0.0.0.0:60094</a>
0.0.0.0:* \
638/dhclient <br>
udp6 0 0
[::]:3126 \
[::]:* \
638/dhclient <br>
<br>
<br>
<br>
[root@syslogserver
loganalyzer]# lsof |
grep LISTEN<br>
mongod 1352
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 1393
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2028
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2033
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2034
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2138
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2139
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2141
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2148
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2404
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2446
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2447
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2448
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2449
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2450
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 2451
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
mongod 1352 11380
mongod 6u
IPv4
17057 0t0
TCP localhost:27017
(LISTEN)<br>
master
1778 root
13u
IPv4
15893 0t0
TCP localhost:smtp
(LISTEN)<br>
master
1778 root
14u
IPv6
15894 0t0
TCP localhost:smtp
(LISTEN)<br>
sshd
8562 root
3u
IPv4
23963 0t0
TCP *:ssh (LISTEN)<br>
sshd
8562 root
4u
IPv6
23965 0t0
TCP *:ssh (LISTEN)<br>
httpd
11264 root
4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11265
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11267
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11268
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11269
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11270
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11275
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11276
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11277
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
httpd 11278
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
syslog-ng
11377 root
14u
IPv4
34906 0t0
TCP *:syslog-tls
(LISTEN)<br>
syslog-ng 11377
11378 root
14u
IPv4
34906 0t0
TCP *:syslog-tls
(LISTEN)<br>
syslog-ng 11377
11541 root
14u
IPv4
34906 0t0
TCP *:syslog-tls
(LISTEN)<br>
httpd 11384
apache 4u
IPv6
32697 0t0
TCP *:http (LISTEN)<br>
<br>
<br>
<br>
and the source config
is as follow:<br>
<br>
source s_sys {<br>
system();<br>
\
unix-stream("/dev/log");<br> internal();<br>
network(<br>
port(6514)<br>
#
tcp(port(5140));<br>
# file("/proc/kmsg"
log_prefix("kernel:
"));<br>
\
transport("tls")<br> tls(
\
key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
\
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
\
ca_dir("/etc/syslog-ng/ca.d"))<br> );<br>
};<br>
<br>
<br>
<br>
<br>
destination d_mongodb
{<br>
mongodb(<br>
#
\
servers("localhost:27017")<br> #
database("syslog")<br>
#
\
uri('mongodb://localhost/syslog-ng')<br>
\
collection("messages")<br> value-pairs(<br>
scope("selected-macros"
"nv-pairs" \
"sdata")<br> )<br>
);<br>
};<br>
<br>
<br>
Kind regards<br>
Ivan<br>
</font><br>
<div>On 05/10/2016 01:35
PM, Czanik, Péter
wrote:<br>
</div>
<blockquote type="cite">
<pre>Do you also have EPEL? The \
RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing \
from the base distribution: <a href="https://fedoraproject.org/wiki/EPEL" \
target="_blank">https://fedoraproject.org/wiki/EPEL</a>
Bye,
Peter Czanik (CzP) <a href="mailto:peter.czanik@balabit.com" \
target="_blank"><peter.czanik@balabit.com></a> Balabit / syslog-ng upstream
<a href="http://czanik.blogs.balabit.com/" \
target="_blank">http://czanik.blogs.balabit.com/</a> <a \
href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a>
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev
<a href="mailto:akivanradix@gmail.com" \
target="_blank"><akivanradix@gmail.com></a> wrote: </pre>
<blockquote type="cite">
<pre>Hi i note this error of mine \
but i try the other one:
<a href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo" \
target="_blank">https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo</a>
And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS
yum update
yum install httpd php vim wget
then install mongodb ( add repo )
then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core)
And im having the following repos:
[root@syslogserver ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* extras: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* updates: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
repo id
repo name
status
base/7/x86_64
CentOS-7 - Base
9,007
czanik-syslog-ng37/x86_64
Copr repo for syslog-ng37 owned by czanik
59
extras/7/x86_64
CentOS-7 - Extras
266
mongodb-org-3.2/7
MongoDB Repository
35
updates/7/x86_64
CentOS-7 - Updates
1,437
repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* extras: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* updates: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
Resolving Dependencies
--> Running transaction check
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libnet.so.1()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Running transaction check
---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libivykis.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: ivykis >= 0.36.1
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file:
<a href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo" \
target="_blank">https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo</a>
to yum and not just download individual packages. You can use then
"yum install syslog-ng" which will also download all necessary
dependencies.
Bye,
Peter Czanik (CzP) <a href="mailto:peter.czanik@balabit.com" \
target="_blank"><peter.czanik@balabit.com></a> Balabit / syslog-ng upstream
<a href="http://czanik.blogs.balabit.com/" \
target="_blank">http://czanik.blogs.balabit.com/</a> <a \
href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a>
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev
<a href="mailto:akivanradix@gmail.com" \
target="_blank"><akivanradix@gmail.com></a> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
Requires: libpcre.so.0()(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards
Ivan
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a> \
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a> \
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a> \
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
\
<pre>______________________________________________________________________________ \
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
\
<pre>______________________________________________________________________________ \
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a \
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" \
rel="noreferrer"><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br> \
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank" rel="noreferrer"><a \
href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" \
rel="noreferrer">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
<br>
</a></a></blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
\
<pre>______________________________________________________________________________ \
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a \
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" \
rel="noreferrer">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br> \
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank" rel="noreferrer">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank" rel="noreferrer">http://www.balabit.com/wiki/syslog-ng-faq</a><br> \
<br> <br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a \
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" \
rel="noreferrer">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br> \
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank" rel="noreferrer">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" \
rel="noreferrer">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank" rel="noreferrer">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank" rel="noreferrer">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" \
rel="noreferrer">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
<br></blockquote></div><br></div>
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic