nxlog-ce-3.0.2284 on Windows, exec_async cannot run PowerShell or batch script...


#1 shinee

Hello! I would like to execute a simple PowerShell script that only creates a folder at every incoming ERROR message. But I cannot run the PowerShell script! My config file is as follows:

<Input 1>

Module  		im_tcp
host    		0.0.0.0
Port    		514
Exec    		parse_syslog();

</Input>

<Output out>

Module om_file
Module    xm_exec 
File "C:\\NXlogs\\Test_Log.log"
exec 	if $raw_event =~ /ERROR/ exec_async("C:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", "-ExecutionPolicy", "Bypass", "-command", "C:\\NXlogs\\test.ps1");

</Output>

<Route > Path 1 => out </Route>

After running it, I got an error message like:

2022-09-07 15:21:22 ERROR subprocess 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe' was terminated by a signal.

Even running notepad.exe or a batch script gives the same error, like: ERROR subprocess ................. was terminated by a signal.

Does anyone know what is the reason?

#2 jeffron Nxlog ✓

Hi Shinee,

It appears the agent was failing due to a wrong configuration. You need to add the xm_exec module to an extension module.

<Extension _exec>
	Module xm_exec
</Extension>

<Input in>	
	Module im_tcp
	ListenAddr 0.0.0.0:514
	Exec parse_syslog();
</Input>

<Output out>
	Module om_file
	File "C:\\NXlogs\\Test_Log.log"
	<Exec>
		if $raw_event =~ /ERROR/
			exec_async("C:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", "-ExecutionPolicy", "Bypass", "-command", "C:\\NXlogs\\test.ps1");
	</Exec>
</Output>

<Route 1>
	Path in => out
</Route>

I hope this helps.

Jeffron
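
The difference between the two configurations in this thread can be checked mechanically before restarting the agent. The following is an added example, not code from either poster or from NXLog: a small regex-based check (the `lint` function and the sample configs are constructed for illustration, and it assumes simple, non-nested blocks with case-insensitive directive names) that flags a block with more than one Module directive and any use of exec()/exec_async() when no Extension block loads xm_exec.

```python
import re

# Constructed sample inputs modelled on the two configurations in this thread.
BROKEN = r'''
<Input 1>
    Module im_tcp
    Port 514
    Exec parse_syslog();
</Input>
<Output out>
    Module om_file
    Module xm_exec
    File "C:\\NXlogs\\Test_Log.log"
    Exec if $raw_event =~ /ERROR/ exec_async("C:\\NXlogs\\test.bat");
</Output>
'''
FIXED = r'''
<Extension _exec>
    Module xm_exec
</Extension>
<Output out>
    Module om_file
    File "C:\\NXlogs\\Test_Log.log"
    Exec if $raw_event =~ /ERROR/ exec_async("C:\\NXlogs\\test.bat");
</Output>
'''

# Assumption: blocks are not nested and directive names are case-insensitive.
BLOCK = re.compile(r'<(Extension|Input|Output|Processor)\s+(\S+)>(.*?)</\1>', re.S | re.I)
MODULE = re.compile(r'^\s*Module\s+(\S+)', re.M | re.I)
EXEC_CALL = re.compile(r'\bexec(?:_async)?\s*\(', re.I)  # procedures provided by xm_exec

def lint(conf):
    """Return findings for the xm_exec mistakes discussed in the thread."""
    findings, exec_loaded, callers = [], False, []
    for kind, name, body in BLOCK.findall(conf):
        modules = MODULE.findall(body)
        if len(modules) > 1:  # a module instance is expected to name one module
            findings.append(f"{kind} {name}: {len(modules)} Module directives {modules}")
        if kind.lower() == "extension" and "xm_exec" in modules:
            exec_loaded = True
        if EXEC_CALL.search(body):
            callers.append(f"{kind} {name}")
    if callers and not exec_loaded:
        findings.append("exec()/exec_async() used in " + ", ".join(callers)
                        + " but no <Extension> block loads xm_exec")
    return findings

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(conf) or "ok")
```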