I'm currently trying to set up syslog-ng as an intermediary between Suricata and Elasticsearch.
According to the syslog-ng documentation, the latter requires me to use the "elasticsearch-http" option when defining the destination, and that option in turn requires syslog-ng-mod-http to be installed.
Although the package is installed as part of the syslog-ng bundle, the system doesn't recognize it, which causes the syslog-ng service to crash. journalctl only tells me to install the mod-http package, but when I try to install it, I'm told that it's already installed.
The same happens when I try the older, deprecated alternative elasticsearch2; this time it complains about the missing syslog-ng-mod-java package, even though it is installed.
I wondered whether I had several versions of the software installed, which could confuse the system about which one to pick, but when I run "apt list -a" for all the packages, only the latest version is listed as installed.
How can I make the system recognize the syslog-ng-mod-http package alongside all the others?
Also, I tried installing the packages via Synaptic, but there I only got the error message "Sub-process https received signal 4". Does anyone know how to solve this? Is there perhaps a way to configure Synaptic to only use http sources, if that would fix it?
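A diagnostic for the situation described in the question, added here as an example and not taken from the post or from the syslog-ng project: a package being installed and a module being loadable are two different things, because syslog-ng only finds plugins in the directory it prints as Module-Path and only knows the ones it lists under Available-Modules. The script assumes the Debian/Ubuntu layout in which syslog-ng-mod-http ships libhttp.so in the syslog-ng module directory and the "Key: value" layout of `syslog-ng --version` output; the sample output embedded in it is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the original post. Tells apart three cases for a
# syslog-ng plugin: listed by the binary, present on disk but not listed, or
# absent from the module directory entirely.
#
# Assumptions (not from the post): Debian/Ubuntu file naming, where the
# plugin for module "http" is lib<module>.so inside the directory printed as
# Module-Path, and the "Key: value" lines of `syslog-ng --version`.

# has_module VERSION_OUTPUT MODULE
# Succeeds if MODULE appears on the comma-separated Available-Modules line.
has_module() {
    printf '%s\n' "$1" \
        | sed -n 's/^Available-Modules: *//p' \
        | tr ',' '\n' \
        | grep -qx -- "$2"
}

# module_path VERSION_OUTPUT
# Prints the directory syslog-ng searches for plugins.
module_path() {
    printf '%s\n' "$1" | sed -n 's/^Module-Path: *//p'
}

# module_file_present DIR MODULE
# Succeeds if the shared object for MODULE exists in DIR (assumed name lib<module>.so).
module_file_present() {
    [ -f "$1/lib$2.so" ]
}

# diagnose VERSION_OUTPUT MODULE
# Prints one of: loaded, file-present-but-not-listed, file-missing.
diagnose() {
    if has_module "$1" "$2"; then
        echo loaded
    elif module_file_present "$(module_path "$1")" "$2"; then
        echo file-present-but-not-listed
    else
        echo file-missing
    fi
}

# Constructed sample of `syslog-ng --version` output (not from a real host),
# in which the http module is NOT listed even though the package may be installed.
SAMPLE_MISSING='syslog-ng 3 (3.25.1)
Config version: 3.25
Installer-Version: 3.25.1
Module-Directory: /usr/lib/x86_64-linux-gnu/syslog-ng
Module-Path: /usr/lib/x86_64-linux-gnu/syslog-ng
Include-Path: /usr/share/syslog-ng/include
Available-Modules: affile,afprog,afsocket,basicfuncs,json-plugin,syslogformat,system-source
Enable-Debug: off'

# The same constructed sample with the http and java modules listed.
SAMPLE_OK="$(printf '%s\n' "$SAMPLE_MISSING" | sed 's/^Available-Modules: /&http,java,/')"

# Stand-alone run: inspect the live host if syslog-ng is installed, else the sample.
if command -v syslog-ng >/dev/null 2>&1; then
    echo "host: http module is $(diagnose "$(syslog-ng --version)" http)"
else
    echo "sample: http module is $(diagnose "$SAMPLE_MISSING" http)"
fi
```

The interesting verdict is file-present-but-not-listed: it means the package put libhttp.so somewhere, but not where the running binary looks, which is the mismatch to chase when one syslog-ng build is installed next to another. Comparing `dpkg -L syslog-ng-mod-http` with the Module-Path line from `syslog-ng --version` shows whether the two directories agree.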