seems there is a bug in im_msvistalog module in nxlog-ce-3.0.2272 for Windows.
After service has generated some output, stopping service sometimes give the message box "Broken pipe" and sometimes Nxlog write a malformed configcache.dat and following the start posts an ERROR failed to restore the saved position from bookmark xml (error:15008)"
Tested on Windows 2012 R2 and Windows 2019
<Output out> Module om_file File '%LOGDIR%\Output' </Output> <Input _im_eventlog> Module im_msvistalog SavePos TRUE <QueryXML> <QueryList> <Query Id='1'> <Select Path='Security'>*</Select> </Query> </QueryList> </QueryXML> # Query <QueryList>\ # <Query Id='0'>\ # <Select Path="Security">*</Select>\ # </Query>\ # </QueryList> </Input> #<Output outNull> # Module om_null #</Output> <Route RouteA> Path _im_eventlog => out </Route>
This issue make the module not worth to use because not saving the bookmark of the processed registry record, force it to generate same logs from start over each service restart.
Need to inform that
NXLog Community Edition 3.0.2284 is now available on the download page.
This is a
minimal hotfix release addressing
two critical bugs community users reported against the released NXLog CE 3.0 Windows build:
If needed attaching the news link