3
responses

im_msvistalog Assertion Failed

Hi,

I'm trying to read from a .evtx file directly using the File directive in im_msvistalog. I keep getting an error: Assertion failed at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->nelts-1->query = imconf->_query""

I'm running Windows 10 with nxlog-4.0.3550. I've tested with different files with the same error.

AskedMay 3, 2018 - 3:55am
9
responses

Eventlog Source Limitation on Server 2016

Hi, when configuring nxlog-CE on a Server 2016, there are limitations for collecting all eventlog sources. After starting the nxlog service, I see the following information in the nxlog-logfile:

2017-12-12 18:18:38 INFO nxlog-ce-2.9.1716 started
2017-12-12 18:18:50 WARNING Due to a limitation in the Windows EventLog subsystem, a query cannot contain more than 256 sources.

here is my nxlog-configuration:

AskedDecember 15, 2017 - 11:11am
1
response

256 sources limit

Back to conversation about current workaround... Windows Server 2016 has more than 256 channels. Is it possible to create a second thread/instance to subscribe for the remaining channels? I can try to guess and create XML filter to exclude some unneeded for now but tomorrow MS can create more channels with some update and would be nice if it handled automatically.

AskedJuly 28, 2017 - 1:41am
3
responses

Can NXLog collect Windows XML Event logs vs Rendered Logs?

NXLog IM_MSVistaLog module collects the Rendered Event log rather than the raw XML Windows Event Log.  

Is there a configuration option in the NXLog agent or IMVistaLog module to enable collecting the original Windows XML Event Log rather than the Rendered Event Log?

Best Regards,

Chris

 

Edit: Think I worked this out. Appears to collect the XML data but also the rendered log field. This would lead questions to be:

AskedJune 14, 2017 - 10:32pm
1
response

Windows Eventlog - registry ref objects do not resolve

I am new and I apologies in advance if this question has been asked already.

Problem:

I am us nxlog to forward windows eventlogs (json format) to central logging system.

Not all object are resolved in the message … example.

Object: Object Server:

DS Object Type: %{e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}

Object Name: %{cc0985a1-b646-4957-bb95-ac8fe9ad147a}

Question:

AskedNovember 24, 2015 - 4:27pm

Pages