NXLog search
Let's talk Start free
Let's talk Start free

module csv_parser not found

View thread
mike.jung@gopai.com

Hi:

I am new to nxlog but I do haves sending windows events into graylog via nxlogs so I know some basics.I am know trying to parse csv exchange logs.

I am running the community version.

I realize I have no output or routing statements yet.

The log does not complain about the module xm_csv being found but does complain about module csv_parser not being found.

I used this as starting point: https://docs.nxlog.co/integrate/exchange.html using the community section for reference.If someone could offer any hints I would be most grateful.

--mikej

Version: nxlog-ce-3.2.2329

LOGFILE:

C:\Program Files\nxlog\data>type nxlog.log2024-03-25 15:15:51 ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.d\\protocol.conf:21; couldn't parse statement at line 25, character 27 in C:\Program Files\nxlog\conf\nxlog.d\\protocol.conf; module csv_parser not found2024-03-25 15:15:51 ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.d\\protocol.conf:34; couldn't parse statement at line 38, character 26 in C:\Program Files\nxlog\conf\nxlog.d\\protocol.conf; module csv_parser not found2024-03-25 15:15:51 WARNING not starting unused module smtp_receive2024-03-25 15:15:51 WARNING not starting unused module smtp_send2024-03-25 15:15:51 INFO nxlog-ce-3.2.2329 started

CONFIG FILE: protocol.conf - in nxlog.d

define BASEDIR C:\Program Files\Microsoft\Exchange Server\V15

#Software: Microsoft Exchange Server#Version: 15.0.0.0#Log-type: SMTP Receive Protocol Log#Date: 2024-03-25T19:00:26.686Z#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context

## MJ number of fields matches count

<Extension csv>       Module    xm_csv       Fields    date-time, connector-id, session-id, sequence-number, \                 local-endpoint, remote-endpoint, event, data, context</Extension>

<Input smtp_receive>Module    im_file   File      '%BASEDIR%\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive\RECV*.LOG'<Exec> if $raw_event =~ /^(\xEF\xBB\xBF)?(date-time,|#)/ drop(); else {  csv_parser->parse_csv();  $EventTime = parsedate(${date-time}); }</Exec></Input>

<Input smtp_send>Module    im_fileFile      '%BASEDIR%\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend\SEND*.LOG'<Exec>   if $raw_event =~ /^(\xEF\xBB\xBF)?(date-time,|#)/ drop();else{ csv_parser->parse_csv(); $EventTime = parsedate(${date-time});}</Exec></Input>