perl_call() method is not working in Windows 11


#1 Ankur Gangwar

Purpose: To add geographical information (geoip) with the logs.

Problem: I am trying to add geoip in the logs coming from Linux and Windows hosts. For that I have gone through https://docs.nxlog.co/ce/current/index.html#xm_perl. On both Windows and Linux hosts, I am not able to run nxlog after modifying the nxlog config according to the given link.

Windows-11: First, I installed perl-5.28.2.1; after that I modified the config. When I try to restart the nxlog service, it shows the following error in the log file:

2023-12-04 07:09:22 ERROR Failed to load module from C:\Program Files\nxlog\modules\extension\xm_perl.dll, The specified module could not be found.  ; The specified module could not be found.  
2023-12-04 07:09:22 ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.conf:62; couldn't parse statement at line 65, character 0 in C:\Program Files\nxlog\conf\nxlog.conf; function 'perl_call()' does not exist or takes different arguments
2023-12-04 07:09:22 ERROR module 'sys_in' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:81
2023-12-04 07:09:22 ERROR route 1 is not functional without input modules, ignored at C:\Program Files\nxlog\conf\nxlog.conf:81
2023-12-04 07:09:22 WARNING no routes defined!
2023-12-04 07:09:22 WARNING not starting unused module sys_in
2023-12-04 07:09:22 WARNING not starting unused module sys_out

Config is as follows:

Panic Soft
#NoFreeOnExit TRUE
define ROOT     C:\Program Files\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf\nxlog.d
define LOGDIR   %ROOT%\data
include %CONFDIR%\\*.conf
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
<Extension _syslog>
   Module      xm_syslog
</Extension>
<Extension _json>
   Module      xm_json
</Extension>
<Extension _charconv>
   Module      xm_charconv
   AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>
<Extension _exec>
   Module      xm_exec
</Extension>
<Extension perl>
   Module      xm_perl
   PerlCode    C:\Program Files\nxlog\modules\extension\perl\processlogs.pl
</Extension>
<Extension _fileop>
   Module      xm_fileop
   # Check the size of our log file hourly, rotate if larger than 5MB
   <Schedule>
       Every   1 hour
       Exec    if (file_exists('%LOGFILE%') and \
                  (file_size('%LOGFILE%') >= 5M)) \
                   file_cycle('%LOGFILE%', 8);
   </Schedule>
   # Rotate our log file every week on Sunday at midnight
   <Schedule>
       When    @weekly
       Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
   </Schedule>
</Extension>

# Sending the system logs over tcp
<Input sys_in>
    Module      im_msvistalog
    <Exec>
       $raw_event = "windows " + to_json();
       perl_call("process");
    </Exec>
</Input>
#setting the output to rsyslog server
<Output sys_out>
    Module      om_tcp
    Host        <ip-address of rsyslog server>
    Port        514
    # First we parse the input natively from nxlog
    Exec        parse_syslog_bsd();
    # Now call the 'process' subroutine defined in 'processlogs.pl'
    Exec        to_json();
</Output>
<Route 1>
    Path        sys_in => sys_out
</Route>

Linux-Ubuntu (22.04): I have not installed Perl as it is already installed. So I modified the config and restarted the nxlog service, but in the logs it is showing as:

2023-12-04 14:41:52 ERROR the perl interpreter failed to parse /etc/nxlog/processlogs.pl
2023-12-04 14:41:52 INFO nxlog-ce-3.2.2329 started
2023-12-04 14:41:52 INFO connecting to <ip-address of rsyslog server>:514
2023-12-04 14:41:52 ERROR the perl interpreter failed to parse /etc/nxlog/processlogs.pl

Config is as follows:

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally under
## /usr/share/doc/nxlog-ce/ and is also available online at
## http://nxlog.org/docs
########################################
# Global directives                    #
########################################
User nxlog
Group nxlog
include /etc/nxlog/nxlog.d/*.conf
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
########################################
# Modules                              #
########################################
<Extension _syslog>
   Module      xm_syslog
</Extension>
<Extension perl>
   Module      xm_perl
   PerlCode    /etc/nxlog/processlogs.pl
</Extension>
<Input in1>
   Module      im_file
   File        "/var/log/auth.log"
   <Exec>
       $raw_event = " ankurlapauthlogs " + $raw_event;
   </Exec>
</Input>
<Output fileout1>
   Module      om_tcp
   Host        <ip-address of rsyslog server>
   Port        514
   Exec        perl_call("process");
   Exec        to_syslog_bsd();
</Output>
########################################
# Routes                               #
########################################
<Route 1>
   Path        in1 => fileout1
</Route>

P.S. I am using the same processlogs.pl file as given in the reference manual.