NXLog Enterprise and EVTX (eventlog) files | View post

micsnare 5 years ago

Hello all,

I'm currently running NXLog Enterprise in Version nxlog-4.0.3550-x64 with the following config:

<Input eventlog>
Module  im_msvistalog
File    C:\logs\Security.evtx
</Input>

<Input application>
    Module  im_msvistalog
    File    C:\logs\Application.evtx
</Input>

Trying to read-in from 2 local evtx files. In the nxlog.log I see the following error:

2019-01-21 14:34:33 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###
2019-01-21 14:34:36 ERROR last message repeated 4 times
2019-01-21 14:34:36 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###

Do you know what I'm doing wrong here?

From what I've read in the manual, the enterprise edition should be able to read evtx files.

best regards, micsnare