ERROR invalid keyword:
Hello, I had an error while executing nxlog on Windows Server:
2017-05-11 15:34:51 ERROR invalid keyword: { at C:\Program Files (x86)\nxlog\conf\nxlog.conf:38
NXLOG.CONF
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_syslog
</Extension>
<Input in>
Module im_file
File 'C:\DNSlogs\DNSlogs.log'
SavePos TRUE
ReadFromLast TRUE
PollInterval 5
CloseWhenIdle TRUE
# The following line is the pre-parsing of DNS log. It turns the normal DNS log line into a more readable and easy for parsing with OSSIM format
Exec if $raw_event =~/(\d+\/\d+\/\d+\s+\d+\:\d+\:\d+)\s+.*(Snd|Rcv)\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+\w+\s+\w+\s+\S+\s+\w+\s+\S+\s+(\w+)\s+\(\d+\)(\S+)\(\d+\)/\
{ \
$EventTime = parsedate($1); \
$SourceName = $3; \
$ProcessID = $2; \
$Message = $5; \
if $Message =~ s/\(\d+\)/./g log_info("removed all whitespace in SourceName"); \
}
</Input>
<Output out>
Module om_udp
Host 80.176.253.71
Port 514
Exec to_syslog_bsd();
</Output>
<Route 1>
Path in => out
</Route>
Thanks for the help.
There is an extra blank line before { \ that's causing the issue.
You should use <Exec></Exec> and get rid of the trailing backslashes.
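
The fix suggested above, written out as an added example (not part of the original posts): the Input block from the question with its statements moved into an <Exec> block and the trailing backslashes removed. The regular expression and field assignments are copied unchanged from the question, and the rest of nxlog.conf is assumed to stay as posted.

```conf
<Input in>
    Module          im_file
    File            'C:\DNSlogs\DNSlogs.log'
    SavePos         TRUE
    ReadFromLast    TRUE
    PollInterval    5
    CloseWhenIdle   TRUE

    # Pre-parse each DNS debug log line into fields before forwarding.
    # Inside an <Exec> block the statements span lines freely, so no
    # backslash continuations are needed and blank lines are harmless.
    <Exec>
        if $raw_event =~ /(\d+\/\d+\/\d+\s+\d+\:\d+\:\d+)\s+.*(Snd|Rcv)\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+\w+\s+\w+\s+\S+\s+\w+\s+\S+\s+(\w+)\s+\(\d+\)(\S+)\(\d+\)/
        {
            $EventTime  = parsedate($1);
            $SourceName = $3;
            $ProcessID  = $2;
            $Message    = $5;

            # Replace the (N) length markers in the query name with dots.
            if $Message =~ s/\(\d+\)/./g
                log_info("removed all whitespace in SourceName");
        }
    </Exec>
</Input>
```

Running `nxlog -v` against the edited file checks the syntax before the service is restarted.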