nxlog on 2008 has issues while 2012 and 2016 work fine
I set up nxlog on Windows 2008, Windows 2008 R2, Windows 2012 and Windows 2016.
On Windows 2008 and 2008 R2, nxlog has some issues with the connection to the syslog server, while 2012 and 2016 work perfectly fine.
> nxlog log file
2019-01-31 22:06:31 ERROR om_tcp send failed; An existing connection was forcibly closed by the remote host.
2019-01-31 22:06:32 INFO connecting to <some loadbalancer IP>
2019-01-31 22:24:57 INFO reconnecting in 1 seconds
2019-01-31 22:24:58 INFO connecting to <some loadbalancer IP>:514
2019-01-31 22:41:51 INFO reconnecting in 1 seconds
2019-01-31 22:41:52 INFO connecting to <some loadbalancer IP>:514
2019-02-01 00:45:43 INFO reconnecting in 1 seconds
2019-02-01 00:45:44 INFO connecting to <some loadbalancer IP>:514
2019-02-01 01:00:56 INFO reconnecting in 1 seconds
2019-02-01 01:00:56 ERROR om_tcp send failed; An existing connection was forcibly closed by the remote host.
2019-02-01 01:00:56 INFO reconnecting in 2 seconds
2019-02-01 01:00:57 INFO connecting to <some loadbalancer IP>:514
2019-02-01 01:19:06 WARNING received a system shutdown request
2019-02-01 01:19:06 WARNING stopping nxlog service
2019-02-01 01:19:06 WARNING nxlog-ce received a termination request signal, exiting...
2019-02-01 01:19:42 INFO nxlog-ce-2.10.2150 started
2019-02-01 01:19:42 INFO connecting to <some loadbalancer IP>:514
2019-02-01 01:20:09 INFO reconnecting in 1 seconds
2019-02-01 01:20:09 ERROR om_tcp send failed; An existing connection was forcibly closed by the remote host.
2019-02-01 01:20:10 INFO connecting to <some loadbalancer IP>:514
2019-02-01 01:20:13 WARNING received a system shutdown request
2019-02-01 01:20:13 WARNING stopping nxlog service
2019-02-01 01:20:13 WARNING nxlog-ce received a termination request signal, exiting...
2019-02-01 01:20:47 INFO nxlog-ce-2.10.2150 started
2019-02-01 01:20:47 INFO connecting to <some loadbalancer IP>o:514
2019-02-01 02:03:05 INFO reconnecting in 1 seconds
2019-02-01 02:03:05 ERROR om_tcp send failed; An existing connection was forcibly closed by the remote host.
2019-02-01 02:03:06 INFO connecting to <some loadbalancer IP>:514
> Configuration file
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogLevel INFO

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <Select Path='Application'>*</Select>
                <Select Path='Security'>*</Select>
                <Select Path='System'>*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output tcp>
    Module om_tcp
    Host <Load Balancer IP>
    Port 514
    Exec to_syslog_snare();
</Output>

<Route 1>
    Path eventlog => tcp
</Route>
What could be the issue? Is there anything more to be added in 2008 and 2008 R2?
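
An nxlog.log like the one posted above can be summarised by measuring how long each connection attempt lasted before it dropped, which shows whether the drops follow a regular interval or vary. This is an added example, not part of the original post: `connection_lifetimes` is a hypothetical helper, the sample lines are constructed in the post's log format, and `198.51.100.10` is a placeholder for the redacted load balancer address.

```python
import re
from datetime import datetime

# Constructed sample in the same format as the nxlog.log excerpt in the post.
# 198.51.100.10 is a documentation address standing in for the load balancer.
RESET = ("ERROR om_tcp send failed; An existing connection was "
         "forcibly closed by the remote host.")
SAMPLE_LOG = f"""\
2019-02-01 01:00:57 INFO connecting to 198.51.100.10:514
2019-02-01 01:19:06 WARNING received a system shutdown request
2019-02-01 01:19:06 WARNING stopping nxlog service
2019-02-01 01:19:42 INFO nxlog-ce-2.10.2150 started
2019-02-01 01:19:42 INFO connecting to 198.51.100.10:514
2019-02-01 01:20:09 INFO reconnecting in 1 seconds
2019-02-01 01:20:09 {RESET}
2019-02-01 01:20:10 INFO connecting to 198.51.100.10:514
2019-02-01 02:03:05 INFO reconnecting in 1 seconds
2019-02-01 02:03:05 {RESET}
2019-02-01 02:03:06 INFO connecting to 198.51.100.10:514
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (.*)$")

def connection_lifetimes(log_text):
    """Return (connect_time, seconds_until_end, reason) for each ended connection."""
    results, opened = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a timestamped log entry
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        if msg.startswith("connecting to "):
            opened = ts  # a connection attempt starts here
        elif opened and msg.startswith("reconnecting in "):
            # om_tcp scheduled a reconnect: the previous connection was lost
            results.append((opened, int((ts - opened).total_seconds()), "dropped"))
            opened = None
        elif opened and msg.startswith("stopping nxlog service"):
            # local service stop, not a network-side drop
            results.append((opened, int((ts - opened).total_seconds()), "service stop"))
            opened = None
    return results

if __name__ == "__main__":
    for start, seconds, reason in connection_lifetimes(SAMPLE_LOG):
        print(f"{start}  lasted {seconds:>5}s  ({reason})")
```

A connection still open at the end of the file, like the last line of the sample, is not reported because its lifetime is not yet known.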