Syslog-ng Won’t Listen

Trying to set up Syslog-NG but can’t get it to listen at all. I added the following to the config:

    source s_net {
        tcp(ip(0.0.0.0) port(514));
        udp(ip(0.0.0.0) port(514));
    };

I then restarted the service

    :/etc/syslog-ng$ sudo service syslog-ng restart
    :/etc/syslog-ng$ sudo systemctl status syslog-ng
    ● syslog-ng.service - System Logger Daemon
       Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
       Active: active (running) since Fri 2019-05-24 13:52:16 UTC; 8s ago
         Docs: man:syslog-ng(8)
     Main PID: 3988 (syslog-ng)
        Tasks: 1
       Memory: 1.9M
          CPU: 29ms
       CGroup: /system.slice/syslog-ng.service
               └─3988 /usr/sbin/syslog-ng -F

It’s running but no port is open…

    :/etc/syslog-ng$ ss -tunelp | grep 514
    s:/etc/syslog-ng$ ss -tunelp
    Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
    udp    UNCONN  0       0       *:68                *:*                ino:33007 sk:1 <->
    tcp    LISTEN  0       128     *:22                *:*                ino:33247 sk:2 <->
    tcp    LISTEN  0       128     :::22               :::*               ino:33249 sk:3 v6only:1 <->

I have similar experiences with rsyslog.

UFW is off

    :/etc/syslog-ng$ sudo ufw status
    Status: inactive

Any help would be greatly appreciated

syslog-ng execute script on syslog pattern

I have a simple requirement. I want to receive all syslog messages coming from user facility and store them in a file. If the syslog message contains a specific pattern, I want to execute a script.

I have the following configuration,

    destination d_logfile { file("/var/log/logile.log"); };
    destination d_start_script { program("/home/ubuntu/start-script.sh"); };
    destination d_stop_script { program("/home/ubuntu/stop-script.sh"); };

    filter f_logfile { facility(user) and not filter(f_debug); };
    filter f_filter_start { facility(user) and message("start"); };
    filter f_filter_stop { facility(user) and message("stop"); };

    log { source(s_network_tcp); filter(f_logfile); destination(d_logfile); };
    log { source(s_network_tcp); filter(f_filter_start); destination(d_start_script); };
    log { source(s_network_tcp); filter(f_filter_stop); destination(d_stop_script); };

When I start syslog-ng it seems to loop and execute both start and stop scripts on and off.

Am I missing something?
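
An added example, not part of the original post or of syslog-ng itself: program() starts its command once when syslog-ng starts, keeps it running, writes each message to its stdin and restarts it if it exits, so a handler for this requirement is a single long-lived reader. The script name log-handler.py, the whole-word matching and the suppression of repeated actions are assumptions of this example; the log text comes from the network, so it is never passed to a shell or to the scripts.

```python
#!/usr/bin/env python3
# Hypothetical wiring in syslog-ng.conf (names other than d_handler are the question's):
#   destination d_handler { program("/home/ubuntu/log-handler.py" template("${MESSAGE}\n")); };
#   log { source(s_network_tcp); filter(f_logfile); destination(d_logfile); destination(d_handler); };
import re
import subprocess
import sys

# Script paths are the ones from the question. Keywords are matched as whole
# words so that "restart" does not trigger "start" (an assumption of this example).
ACTIONS = {
    "start": "/home/ubuntu/start-script.sh",
    "stop": "/home/ubuntu/stop-script.sh",
}
KEYWORD = re.compile(r"\b(" + "|".join(map(re.escape, ACTIONS)) + r")\b")


def decide(message):
    """Return the action name for one log message, or None."""
    found = KEYWORD.search(message)
    return found.group(1) if found else None


def run_script(action):
    """Run the mapped script with a fixed argv: no shell, no log text passed in."""
    try:
        subprocess.run([ACTIONS[action]], stdin=subprocess.DEVNULL,
                       timeout=30, check=False)
    except (OSError, subprocess.TimeoutExpired) as exc:
        print(f"{action}: {exc}", file=sys.stderr)


def handle(stream, runner=run_script):
    """Consume messages until EOF; skip an action that repeats the previous one."""
    executed, previous = [], None
    for line in stream:
        action = decide(line)
        if action is None or action == previous:
            continue
        runner(action)
        executed.append(action)
        previous = action
    return executed


if __name__ == "__main__":
    # syslog-ng keeps this process alive and writes one message per line to stdin.
    handle(sys.stdin)
```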

syslog-ng destination plugin elasticsearch2 not found

I have Linux Mint 19. syslog-ng --version:


syslog-ng config for elastic search file:

    options {
        threaded(yes);
        use-uniqid(yes);
    };

    source s_syslog {
        syslog();
    };

    destination d_elastic {
        elasticsearch2(
            index("syslog-ng")
            type("test")
            cluster("mycluster1")
            client-mode("transport")
            custom-id("${UNIQID}")
            flush-limit("10000")
        );
    };

    log {
        source(s_syslog);
        destination(d_elastic);
        flags(flow-control);
    };

When I’m trying to sudo service syslog-ng restart, I have the following error information:

    Jan 11 11:14:44  syslog-ng[19156]: Error parsing destination statement, destination plugin elasticsearch2 not found in /etc/syslog-ng/conf.d/elastic.conf:
    Jan 11 11:14:44  syslog-ng[19156]: 6       source s_syslog {
    Jan 11 11:14:44  syslog-ng[19156]: 7           syslog();
    Jan 11 11:14:44  syslog-ng[19156]: 8       };
    Jan 11 11:14:44  syslog-ng[19156]: 9
    Jan 11 11:14:44  syslog-ng[19156]: 10      destination d_elastic {
    Jan 11 11:14:44  syslog-ng[19156]: 11---->     elasticsearch2(
    Jan 11 11:14:44  syslog-ng[19156]: 11---->     ^^^^^^^^^^^^^^
    Jan 11 11:14:44  syslog-ng[19156]: 12          index("syslog-ng")

I have installed mod-java for syslog-ng and I have jdk, jre etc. What am I doing wrong? Thanks!