NXLOG Service failed

Tags:

#1 Shahmiri 5 years ago

Dear all,

I'm trying to get hold of the IIS logs and I get the following issue when I try to restart the service.... we are working on a extra.conf file and I know that it is the one that hinders the service to start.... I just cant see where in the code I mess up.

Here's the code.

Created by NXlog Configuration AT 04-07-2018 08:20:12

NXlog Configuration Version 2018-05-14

Created On HOSTNAMEWEB03

OS INFO 2008 - nxlogserver: 10.233.26.20

dnsloginfo $Undefined DHCPLOGINFO $Undefined###

Start off with Definitions

Rootdir defined from: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\nxlog,installdir;HKEY_LOCAL_MACHINE\SOFTWARE\nxlog,installdir

define ROOT <C:\Program Files\nxlog>

Generic Settings for ALL installations

define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log

Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %LOGFILE% LogLevel INFO

<Extension _syslog> Module xm_syslog </Extension>

<Extension _exec> Module xm_exec </Extension>

<Extension _json> Module xm_json </Extension>

Define our inputs

Start ISS created by # 18-09-2018###

<Input IIS> Module im_file File C:\inetpub\logs\LogFiles\W3SVC1\* SavePos True InputType LineBased </Input>

END ISS Inserted by # 18-09-2018###

<Input winlog> Module im_msvistalog ReadFromLast TRUE ResolveSID TRUE <QueryXML> <QueryList> <Query Id='1'> <Select Path='Application'></Select> <Select Path='Security'></Select> <Select Path='System'>*</Select> </Query> </QueryList> </QueryXML> </Input>

Define the output that goes to LP for analysis

<Output syslogout> Module om_tcp Host 10.2XX.26.2X Port 514 Exec to_syslog_bsd(); </Output>

<Output winout> Module om_tcp Host 10.2XX.26.2X Port 514 Exec to_json(); $Message = $raw_event;to_syslog_bsd(); </Output>

Tie together inputs to outputs

<Route 1> Path winlog => winout </Route> include %CONFDIR%\extra.conf

Configuration Completed

The following is taken out of the nxlog.log

2018-09-19 09:28:10 WARNING nxlog received a termination request signal, exiting... nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86 Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf The filename, directory name, or volume label syntax is incorrect.

2018-09-19 09:41:15 INFO nxlog-4.0.3735 started 2018-09-19 09:41:15 WARNING not starting unused module syslogout 2018-09-19 09:41:15 INFO connecting to 10.233.26.20:514 2018-09-19 09:44:00 WARNING stopping nxlog service 2018-09-19 09:44:00 WARNING nxlog received a termination request signal, exiting... nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86 Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf The filename, directory name, or volume label syntax is incorrect.

nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86 Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf The filename, directory name, or volume label syntax is incorrect.

Permalink

#2 b0ti Nxlog ✓ 5 years ago

#1 Shahmiri

Dear all, I'm trying to get hold of the IIS logs and I get the following issue when I try to restart the service.... we are working on a extra.conf file and I know that it is the one that hinders the service to start.... I just cant see where in the code I mess up. Here's the code. Created by NXlog Configuration AT 04-07-2018 08:20:12 NXlog Configuration Version 2018-05-14 Created On HOSTNAMEWEB03 OS INFO 2008 - nxlogserver: 10.233.26.20 dnsloginfo $Undefined DHCPLOGINFO $Undefined### Start off with Definitions Rootdir defined from: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\nxlog,installdir;HKEY_LOCAL_MACHINE\SOFTWARE\nxlog,installdir define ROOT <C:\Program Files\nxlog> Generic Settings for ALL installations define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %LOGFILE% LogLevel INFO <Extension _syslog> Module xm_syslog </Extension> <Extension _exec> Module xm_exec </Extension> <Extension _json> Module xm_json </Extension> Define our inputs Start ISS created by # 18-09-2018### <Input IIS> Module im_file File C:\inetpub\logs\LogFiles\W3SVC1\* SavePos True InputType LineBased </Input> END ISS Inserted by # 18-09-2018### <Input winlog> Module im_msvistalog ReadFromLast TRUE ResolveSID TRUE <QueryXML> <QueryList> <Query Id='1'> <Select Path='Application'></Select> <Select Path='Security'></Select> <Select Path='System'>*</Select> </Query> </QueryList> </QueryXML> </Input> Define the output that goes to LP for analysis <Output syslogout> Module om_tcp Host 10.2XX.26.2X Port 514 Exec to_syslog_bsd(); </Output> <Output winout> Module om_tcp Host 10.2XX.26.2X Port 514 Exec to_json(); $Message = $raw_event;to_syslog_bsd(); </Output> Tie together inputs to outputs <Route 1> Path winlog => winout </Route> include %CONFDIR%\extra.conf Configuration Completed The following is taken out of the nxlog.log 2018-09-19 09:28:10 WARNING nxlog received a termination request signal, exiting... nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86 Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf The filename, directory name, or volume label syntax is incorrect. 2018-09-19 09:41:15 INFO nxlog-4.0.3735 started 2018-09-19 09:41:15 WARNING not starting unused module syslogout 2018-09-19 09:41:15 INFO connecting to 10.233.26.20:514 2018-09-19 09:44:00 WARNING stopping nxlog service 2018-09-19 09:44:00 WARNING nxlog received a termination request signal, exiting... nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86 Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf The filename, directory name, or volume label syntax is incorrect. nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86 Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf The filename, directory name, or volume label syntax is incorrect.

define ROOT <C:\Program Files\nxlog>