Large eventlog entries make nxlog "hang"


#1 MagnusBjarnlid

We are using nxlog to collect eventlog information. Some entries can be large; in fact, some messages are split over several entries as a workaround for the maximum eventlog entry size. However, these large entries seem to hang nxlog so that it stops processing new entries. Typical error messages are:

---------------------------------------

2014-10-27 17:10:32 ERROR EvtNext failed with error 1734: The array bounds are invalid.  
2014-10-27 17:10:33 ERROR EvtUpdateBookmark failed: The handle is invalid.

----------------------------------------

Why is this? Is there any workaround?

 

#2 adm Nxlog ✓

Error 1734 is an RPC error and this is a local eventlog, so the error message does not tell much (it might be braindead already and thus a buggy error code).

If you can provide a POC test case which can be used to reproduce this by using eventcreate or some other tool to inject the offending eventlog entry, then please open a ticket in the Support ticketing system.

Thanks