7.1.1. Procedure – Prerequisites The syslog-ng Premium Edition 7 Administrator Guide
To send messages from syslog-ng PE to Elasticsearch, complete the following steps.
If you want to use the Java-based modules of syslog-ng PE (for example, the Elasticsearch, HDFS, or Kafka destinations), you must compile syslog-ng PE with Java support.
Download and install the Java Runtime Environment (JRE), version 1.7 or newer. The Java-based modules of syslog-ng PE are tested and supported only with the Oracle implementation of Java; other implementations are untested and unsupported, and may or may not work as expected.
Install gradle version 2.2.1 or newer.
Set LD_LIBRARY_PATH to include the directory of the libjvm.so file, for example: LD_LIBRARY_PATH=/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/server:$LD_LIBRARY_PATH
Note that many platforms provide simplified links for the Java libraries; use the simplified path if one is available. If you use a startup script to start syslog-ng PE, set LD_LIBRARY_PATH in that script as well.
If you are behind an HTTP proxy, create a file in the modules/java-modules/ directory and set the proxy parameters in that file. For details, see the Gradle User Guide.
Download the Elasticsearch libraries, version 1.5 or newer from the 1.x line, from https://www.elastic.co/downloads/elasticsearch. Balabit tests the destination using Elasticsearch version 1.5. To use Elasticsearch 2.x or newer, use the elasticsearch2() destination (see Section 7.2, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher).
Extract the Elasticsearch libraries into a temporary directory, then collect the various .jar files into a single directory (for example, /opt/elasticsearch/lib/) where syslog-ng PE can access them. You must specify this directory in the syslog-ng PE configuration file. The files are located in the lib directory of the Elasticsearch release package and its subdirectories.
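The two preparation steps above (collecting the .jar files into one directory and making sure LD_LIBRARY_PATH reaches libjvm.so) as an added shell helper; this is example code, not part of the syslog-ng PE guide, and the release layout it builds for demonstration, the jar names and the destination path are assumptions.

```shell
#!/bin/sh
# Added helper (not from the syslog-ng PE guide). Paths and file names below
# are assumptions; the fake release tree is constructed only for demonstration.

# Copy every .jar under <release>/lib and its subdirectories into <dest>,
# the single directory you then reference from the syslog-ng PE configuration.
# Succeeds only if at least one .jar ended up in <dest>.
collect_es_jars() {
    release_dir="$1"
    dest_dir="$2"
    mkdir -p "$dest_dir" || return 1
    find "$release_dir/lib" -type f -name '*.jar' -exec cp -p {} "$dest_dir/" \;
    count=$(find "$dest_dir" -maxdepth 1 -type f -name '*.jar' | wc -l)
    [ "$count" -gt 0 ]
}

# Check a colon-separated library path (normally "$LD_LIBRARY_PATH") for a
# directory that actually contains libjvm.so; the Java modules need it at
# startup, so a startup script must export the same value.
libjvm_on_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        if [ -f "$dir/libjvm.so" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Constructed stand-in for an extracted Elasticsearch 1.x release package:
# jars live in lib/ and in a subdirectory, next to a non-jar file that must
# not be collected. Prints the path of the temporary tree.
make_sample_release() {
    tree=$(mktemp -d)
    mkdir -p "$tree/lib/sigar"
    : > "$tree/lib/elasticsearch-1.5.2.jar"   # constructed name
    : > "$tree/lib/sigar/sigar-1.6.4.jar"     # constructed name
    : > "$tree/lib/README.textile"            # must not be copied
    echo "$tree"
}

# Usage: sh collect_es_jars.sh <extracted-release-dir> /opt/elasticsearch/lib
if [ "$#" -eq 2 ]; then
    collect_es_jars "$1" "$2" && echo "jars collected into $2"
    libjvm_on_path "${LD_LIBRARY_PATH:-}" || echo "warning: libjvm.so not on LD_LIBRARY_PATH" >&2
fi
```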