Google Chronicle (om_chronicle) with multiple input and output error [HELP]


#1 billychua (Last updated )

Anyone has encounter error before or have issue when doing multiple input and output for chronicle.

If i list 1 chronicle setting and with the below configuration will have no error. 

define BASE_URL           https://abc.defgh.ijkhlmn

define ENDPOINT           unstructuredlogentries

define API_KEY            key=ABCdefghiJKLNMOP

<Input listener1>       

Module im_tcp       

Host    1.1.1.1:10000

</Input>

<Output to_chronicle_out>   

Module                om_chronicle   

URL                   %BASE_URL%%ENDPOINT%?%API_KEY%   

HTTPSCAFile           \opt\cert.crt   

LogType               WINEVTLOG  

 ChronicleBatchSize    1024

</Output>

<Route route_chronicle>   

Path listener1 => to_chronicle_out

</Route>

 

If i list 2 or more chronicle setting and i do encounter error

define BASE_URL           https://abc.defgh.ijkhlmn

define ENDPOINT           unstructuredlogentries

define API_KEY            key=ABCdefghiJKLNMOP

<Input listener1>       

Module im_tcp       

Host   1.1.1.1:10000

</Input>

<Input listener2>       

Module im_tcp       

Host    1.1.1.1:10001

</Input>

<Output to_chronicle_out>   

Module                om_chronicle   

URL                   %BASE_URL%%ENDPOINT%?%API_KEY%   

HTTPSCAFile           \opt\cert.crt   

LogType               WINEVTLOG   

ChronicleBatchSize    1024

</Output>

<Output to_chronicle_out1>   

Module                om_chronicle   

URL                   %BASE_URL%%ENDPOINT%?%API_KEY%   

HTTPSCAFile           \opt\cert.crt   

LogType               WINEVTLOG   

ChronicleBatchSize    1024

</Output>

<Route route_chronicle>   

Path listener1 => to_chronicle_out

</Route>

<Route route_chronicle1>   

Path listener2 => to_chronicle_out1

</Route>

The error i'm getting is. 

 ERROR [CORE|main] can't initialize logger: already initialized 

 

#2 konstantinosDeactivated Nxlog ✓

Hi Billy,

What NXLog version are you running? This has been fixed since EEv5.6 ref.4069 https://docs.nxlog.co/refman/current/changelog.html#5-6-7727-15-september-2022  

If you are running a trial you can get direct support from an NXLog engineer, let me know if you'd like me to put you in touch with Presales.

Cheers,

Konstantinos