nxlog config file for 2003 servers
Hello Team,
I am new to nxlog and I have a requirement to collect Windows logs from 2003 servers, and the agent version that I am using is “nxlog-ce-2.11.2190”.
As per the document I have used the im_mseventlog module, but I am still getting an error and am not able to pull the logs from 2003 servers. If someone could please share the config file for 2003 servers, it would be a great help.
Below is the error that we are getting when starting the nxlog service:
2022-12-21 09:37:50 WARNING nxlog-ce received a termination request signal, exiting...
2022-12-21 09:37:51 ERROR invalid keyword: QueryXML at C:\Program Files\nxlog\conf\nxlog.conf:27
2022-12-21 09:37:51 ERROR module 'eventlog' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:59
2022-12-21 09:37:51 ERROR route 1 is not functional without input modules, ignored at C:\Program Files\nxlog\conf\nxlog.conf:59
2022-12-21 09:37:51 WARNING no routes defined!
2022-12-21 09:37:51 WARNING not starting unused module eventlog
2022-12-21 09:37:51 WARNING not starting unused module syslogout
2022-12-21 09:37:51 INFO nxlog-ce-2.11.2190 started
My config file:
#NoFreeOnExit TRUE
define ROOT C:\Program Files\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _syslog>
Module xm_syslog
</Extension>
############INPUTS########
<Input eventlog>
Module im_mseventlog
<QueryXML>
<QueryList>
<Query Id="0">
<Select Path="Security">*</Select>
</Query>
</QueryList>
</QueryXML>
</Input>
#<Processor eventlog_transformer>
#Module pm_transformer
#</Processor>
#<Processor buffer>
#Module pm_buffer
#MaxSize 102400
#Type disk
#</Processor>
<Output syslogout>
#Module om_udp
Module om_tcp
Host syslogip
Port 514
Exec to_syslog_snare();
</Output>
#<Route 1>
#Path eventlog => eventlog_transformer => syslogout
#</Route>
<Route 1>
Path eventlog => syslogout
</Route>
Hi there,
your example uses the syntax of im_msvistalog with the im_mseventlog module.
im_mseventlog uses the Sources Security directive in place of QueryXML.
Please review the documentation here:
https://docs.nxlog.co/ce/current/index.html#im_mseventlog_config
Gabor
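
The configuration from the question with the change described in the answer applied, as an added example (not code from the original posts or from the NXLog project). The SavePos and ReadFromLast lines are additions that were not in the question, and "syslogip" is the poster's own placeholder for the collector address.

```conf
# Added example: the question's nxlog.conf adjusted for im_mseventlog
define ROOT C:\Program Files\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Input eventlog>
    # im_mseventlog has no QueryXML block; that syntax belongs to
    # im_msvistalog and causes the "invalid keyword: QueryXML" error.
    Module  im_mseventlog
    # Restrict collection to the listed event logs (comma-separated).
    Sources Security
    # Added here: persist the read position so a restart resumes where it stopped.
    SavePos TRUE
    # Added here: with no saved position, start at the end of the log
    # instead of replaying everything already in it.
    ReadFromLast TRUE
</Input>

<Output syslogout>
    Module  om_tcp
    # "syslogip" is the placeholder used in the question.
    Host    syslogip
    Port    514
    Exec    to_syslog_snare();
</Output>

<Route 1>
    Path    eventlog => syslogout
</Route>
```

After restarting the service, nxlog.log should no longer show the "invalid keyword", "has configuration errors" or "no routes defined!" lines from the question.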