NXLog 4.3.4308 failed to subscribe to msvistalog events
Hi everyone!
Maybe you can help me, thanks a lot. I hope you will be kind enough to help me now.
My NXLog clients don't collect Windows System logs. And now I often see this message in my logs:
2019-06-04 17:49:50 INFO nxlog-4.3.4308 started
2019-06-04 17:49:50 ERROR failed to subscribe to msvistalog events using bookmark: The interface is unknown.
2019-06-04 17:49:50 ERROR failed to subscribe to msvistalog events using bookmark: The interface is unknown.
<QueryList>
<Query Id='1'>
<Select Path='System'>*</Select>
</Query>
</QueryList>
<QueryList>
<Query Id='1'>
<Select Path='Application'>*</Select>
</Query>
</QueryList>
2019-06-04 17:49:50 ERROR failed to subscribe to msvistalog events [error code: 1717]; The interface is unknown.
My config:
define ROOT C:\nxlog
define NXLOGLOGFILE %ROOT%\data\nxlog.log
define CERTDIR %ROOT%\cert
PersistLogqueue TRUE
SyncLogqueue TRUE
CacheFlushInterval 0
CacheSync TRUE

<Input winapp>
    Module im_msvistalog
    ReadFromLast TRUE
    <QueryXML>
        <QueryList>
            <Query Id='1'>
                <Select Path='Application'>*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    Exec $FileName = 'winapp.log';
    Exec $EventTime = $EventReceivedTime;
</Input>

<Input winsys>
    Module im_msvistalog
    ReadFromLast TRUE
    <QueryXML>
        <QueryList>
            <Query Id='1'>
                <Select Path='System'>*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    Exec $FileName = 'winsys.log';
    Exec $EventTime = $EventReceivedTime;
</Input>

<Output out>
    BufferSize 9500000
    Module om_batchcompress
    Host 192.168.100.100
    Port 1514
    UseSSL true
    AllowUntrusted TRUE
    CAFile %CERTDIR%\cacert.pem
    CertFile %CERTDIR%\clientcert.pem
    CertKeyFile %CERTDIR%\clientkey.pem
</Output>

<Route client>
    Path winapp, winsys => out
</Route>
After restarting the service, nothing new.
Any ideas, please!
"The interface is unknown" error messages are normally because the underlying Event Log service is not running or has errors (not stable).
Suggested steps would be to restart the Windows Event Log service and then restart nxlog. I believe on some Windows versions, the service is just called Event Log.
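The steps suggested in the answer above, as an added PowerShell example that is not part of the original thread: it restarts the Windows Event Log service, confirms the two channels from the posted config can be queried, restarts NXLog, and checks the NXLog log for the subscription error since the last start. It assumes an elevated PowerShell session, that the NXLog service is named nxlog, and that the log file is at the path given by the posted ROOT and NXLOGLOGFILE defines.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$eventLogSvc = 'EventLog'                 # service name behind "Windows Event Log"
$nxlogSvc    = 'nxlog'                    # assumption: default NXLog service name
$nxlogLog    = 'C:\nxlog\data\nxlog.log'  # from the posted ROOT / NXLOGLOGFILE defines
$channels    = 'Application', 'System'    # channels selected in the posted QueryXML

# 1. Show the state of both services before touching anything.
Get-Service -Name $eventLogSvc, $nxlogSvc | Format-Table Name, DisplayName, Status

# 2. Restart the Event Log service. -Force lets the restart proceed
#    when other running services depend on it.
Restart-Service -Name $eventLogSvc -Force

# 3. Confirm each channel answers a query before NXLog tries to subscribe.
foreach ($ch in $channels) {
    try {
        $e = Get-WinEvent -LogName $ch -MaxEvents 1 -ErrorAction Stop
        '{0}: readable, newest record {1} at {2}' -f $ch, $e.RecordId, $e.TimeCreated
    } catch {
        '{0}: query failed: {1}' -f $ch, $_.Exception.Message
    }
}

# 4. Restart NXLog and give it a few seconds to write its startup lines.
Restart-Service -Name $nxlogSvc
Start-Sleep -Seconds 5

# 5. Look only at log lines written since the most recent "started" entry.
$lines = @(Get-Content -Path $nxlogLog)
$start = 0
for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i] -match 'INFO nxlog-\S+ started') { $start = $i }
}
$failed = @($lines[$start..($lines.Count - 1)] -match
            'failed to subscribe to msvistalog events')

if ($failed.Count -gt 0) {
    Write-Warning 'NXLog still cannot subscribe to the event log:'
    $failed
} else {
    'No msvistalog subscription errors since the last NXLog start.'
}
```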