Request trial
Request Trial

NXLog Enterprise and EVTX (eventlog) files

View thread
micsnare

Hello all,

I'm currently running NXLog Enterprise in Version nxlog-4.0.3550-x64 with the following config:

<Input eventlog>
Module  im_msvistalog
File    C:\logs\Security.evtx
</Input>

<Input application>
    Module  im_msvistalog
    File    C:\logs\Application.evtx
</Input>

Trying to read-in from 2 local evtx files. In the nxlog.log I see the following error:

2019-01-21 14:34:33 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###
2019-01-21 14:34:36 ERROR last message repeated 4 times
2019-01-21 14:34:36 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###

Do you know what I'm doing wrong here?

From what I've read in the manual, the enterprise edition should be able to read evtx files.

best regards, micsnare

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS