how to fix apr_sockaddr_info failed & not functional without input modules for splunk SIEM
1)
2016-03-11 12:03:01 ERROR apr_sockaddr_info failed for 192.168.1.253:514;The requested name is valid, but no data of the requested type was found.
2)
2016-03-11 13:21:37 ERROR module 'in' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:43
2016-03-11 13:21:37 ERROR route 1 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:43
2016-03-11 13:21:37 WARNING no routes defined!
2016-03-11 13:21:37 WARNING not starting unused module internal
2016-03-11 13:21:37 WARNING not starting unused module out
2016-03-11 13:21:37 INFO nxlog-ce-2.9.1504 started
My nxlog.conf file
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
Module xm_json
</Extension>
<Input internal>
Module im_internal
</Input>
<Output out>
Module om_tcp
Host 192.168.253.134
Port 9001
Exec _json();
</Output>
<Route 1>
Path in => out
</Route>
I have configured Receive port on Splunk server which is :9001 and my splunk server ip : 192.168.253.134
I have set the receiving port on my splunk server and trying to get windows 7 logs into my splunk server using nxlog configurations.but having this erros. not able to interpreat these both erros.Appriciate if any one has answer for these both erros.
Thanks!!
The error message in 1) shows:
192.168.1.253:514
Whereas the pasted configuration file has port 9001. Obviously the error comes from a different config.
To collect windows eventlog you need this:
<Input in> Module im_msvistalog # For windows 2003 and earlier use the following: # Module im_mseventlog </Input>
This was present in the default configuration file which you have removed for some reason. That's what the ERROR in 2) is about.
As suggested in the default config file you should read the fine manual:
## See the nxlog reference manual about the ## configuration options. It should be installed locally and is also available ## online at http://nxlog.org/docs/