NXLog Enterprise and EVTX (eventlog) files


#1 micsnare

Hello all,

I'm currently running NXLog Enterprise in Version nxlog-4.0.3550-x64 with the following config:

<Input eventlog>
    Module  im_msvistalog
    File    C:\logs\Security.evtx
</Input>

<Input application>
    Module  im_msvistalog
    File    C:\logs\Application.evtx
</Input>

Trying to read-in from 2 local evtx files. In the nxlog.log I see the following error:

2019-01-21 14:34:33 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###
2019-01-21 14:34:36 ERROR last message repeated 4 times
2019-01-21 14:34:36 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###

Do you know what I'm doing wrong here?

From what I've read in the manual, the enterprise edition should be able to read evtx files.

best regards, micsnare

#2 Zhengshi Nxlog ✓
#1 micsnare

From what I've read in the manual, the enterprise edition should be able to read evtx files.

You are right, it should and does on more recent versions. :) There was a regression in v4.0.3550 that caused this error. It was fixed in subsequent versions.
Please see the following forum post:
https://nxlog.co/question/3643/immsvistalog-assertion-failed