I'm currently trying to set up syslog-ng as a medium between Suricata and Elasticsearch.
According to the syslog-ng documentation, the latter requires me to use the "elasticsearch-http" option when defining the destination, and that option requires me to have syslog-ng-mod-http installed. Although the package gets installed as part of the syslog-ng bundle, the system doesn't recognize it, which causes the syslog-ng service to crash. journalctl only asks me to install the mod-http package, but when I try to install it, I get told that it's already installed, so I'm in a paradoxical situation here. The same happens when I try out the older, deprecated alternative option elasticsearch2; in this case it complains about the missing syslog-ng-mod-java package despite my having it installed.
I was wondering whether I have several versions of the software installed, which could cause the system to be confused about which one it should pick, but when calling "apt list -a" for all packages, only the latest version is listed as installed. How can I make the system recognize the syslog-ng-mod-http package alongside all the others?
Also, I tried installing the packages via Synaptic, but there I only got the error message "Sub-process https received signal 4" across several package sources. Does anyone know how to solve this? Is there maybe a way to configure Synaptic to only look for HTTP sources, if that could fix it?
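One check worth running before touching packages again is whether the syslog-ng binary itself can see the module the driver needs. The following is an added example and is not part of the question above; it assumes that `syslog-ng -V` prints a comma-separated `Available-Modules:` line (true for syslog-ng 3.x), that the `elasticsearch-http()` driver depends on the module named `http` (shipped by syslog-ng-mod-http), and that `syslog-ng -s -f FILE` performs a syntax-only check. The version output, the Elasticsearch URL and the index name are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): tell apart "package installed"
# from "module visible to syslog-ng" by parsing the Available-Modules line
# that `syslog-ng -V` prints (assumed format for syslog-ng 3.x).

# module_available NAME VERSION_OUTPUT -> exit 0 if NAME is listed
module_available() {
  mod="$1"
  out="$2"
  printf '%s\n' "$out" \
    | sed -n 's/^Available-Modules: *//p' \
    | tr ',' '\n' \
    | grep -qx "$mod"
}

# missing_modules "mod1 mod2" VERSION_OUTPUT -> prints each name not listed
missing_modules() {
  for m in $1; do
    module_available "$m" "$2" || printf '%s\n' "$m"
  done
}

# Constructed sample of `syslog-ng -V` output in which the http module is
# absent, i.e. the situation the post describes (affile etc. are present).
SAMPLE_VERSION_OUTPUT='syslog-ng 3 (3.25.1)
Installer-Version: 3.25.1
Module-Directory: /usr/lib/syslog-ng/3.25
Module-Path: /usr/lib/syslog-ng/3.25
Available-Modules: affile,afsocket,json-plugin,syslogformat,system-source'

# Minimal destination using elasticsearch-http(); url() and index() are
# placeholders. It only parses if the http module can be loaded.
write_minimal_conf() {
  cat > "$1" <<'EOF'
@version: 3.25
destination d_es {
  elasticsearch-http(
    url("http://localhost:9200/_bulk")
    index("suricata")
    type("")
  );
};
EOF
}

# Live check, only when syslog-ng is installed: report modules the binary
# cannot see, then run the syntax-only check (-s) on the minimal config.
if command -v syslog-ng >/dev/null 2>&1; then
  v="$(syslog-ng -V)"
  missing="$(missing_modules 'http' "$v")"
  [ -z "$missing" ] || echo "not visible to syslog-ng: $missing"
  tmp="$(mktemp)"
  write_minimal_conf "$tmp"
  syslog-ng -s -f "$tmp" && echo "config parses" || echo "config check failed"
  rm -f "$tmp"
fi
```

If `http` is missing from `Available-Modules` while `dpkg -s syslog-ng-mod-http` says the package is installed, the two disagree about the module directory: compare `Module-Path` in the `-V` output against where the package actually placed its `.so` files before reinstalling anything.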