NXLog search
Let's talk Start free
Let's talk Start free

Issue with sending eventlogs.

View thread
mats

It seems I have a problem with Nxlog-ce and Windows eventlog after power resume/reconnect to the network.

On the high level we won't get any logs from a a machine before we restart the nxlog service. It shows as runnig but sends no logs. As soon as you restart it, the logs are sent.

I Enabled debug logging and got the following

2017-11-27 08:02:40 DEBUG before nx_logqueue_push, size: 26 2017-11-27 08:02:40 DEBUG nx_event_to_jobqueue: DATA_AVAILABLE (eventlogOUT) 2017-11-27 08:02:40 DEBUG executing statements 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:3 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:4 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:5 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:6 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:7 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:8 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:9 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:10 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:11 2017-11-27 08:02:40 DEBUG evaluating expression 'string literal' at C:\Program Files (x86)\nxlog\conf\add-on\eventlog_client.conf:12 2017-11-27 08:02:40 DEBUG before nx_logqueue_push, size: 27 2017-11-27 08:02:40 DEBUG nx_event_to_jobqueue: DATA_AVAILABLE (eventlogOUT) 2017-11-27 08:02:40 ERROR Exception was caused by "apr_sockaddr_info_get(&sa, omconf->host, APR_INET, omconf->port, 0, pool)" at om_udp.c:279/om_udp_connect(); [om_udp.c:279/om_udp_connect()] apr_sockaddr_info failed for Myhost.mydomain.XX:12235; Det begärda namnet är giltigt men data för den begärda typen kunde inte hittas.
2017-11-27 08:02:40 DEBUG worker 2 processing event 0x27a5078 2017-11-27 08:02:40 DEBUG PROCESS_EVENT: DATA_AVAILABLE (eventlogOUT) 2017-11-27 08:02:40 DEBUG om_udp_write 2017-11-27 08:02:40 DEBUG module eventlogOUT is not running, not reading any more data 2017-11-27 08:02:40 DEBUG worker 2 waiting for new event 2017-11-27 08:02:40 DEBUG executing statements

my NXlog.conf looks like this

Nxlog.conf

Created: 10/12/2017 15:21:54

LogLevel DEBUG define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log

<Extension gelf> Module xm_gelf </Extension>

Include plug-in directory

include %ROOT%\conf\add-on\*.conf

and I have an include file for the eventlog that looks like this <Input eventlogIN> Module im_msvistalog </Input>

<Output eventlogOUT> Module om_udp Host myhost.mydomain.xx Port 12235 OutputType GELF </Output>

<Route eventlog> Path eventlogIN => eventlogOUT </Route>

Has anyone seen this before or got some ideas?