Let's Talk
Let's Talk

ERROR apr_file_write failed in om_exec on windows os when try to send logs to Azure Log Analytics

View thread
Anton.I

Hello,

I'm trying configure NXlog CE (installed on windows server 2012r2) to collect syslog (from cisco asa), saving it to file and send to Azure Log Analytics (aka Microsoft OMS). In first step I try to collect syslog, convert to json and saving it to file. It's work well. For the next i installed last Pyton (3.8) and check that all libs installed. After that I changed the nxlog.conf according to the manual (https://nxlog.co/documentation/nxlog-user-guide/azure-oms.html#forwarding-data-to-log-analytics). Buy NXlog gives me the following error: ERROR apr_file_write failed in om_exec; The pipe is being closed.

How can I fix this error?

My nxlog.conf:

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
define JSONLOGFILE C:\Program Files (x86)\nxlog\data\json.txt
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension _charconv>
    Module      xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module      xm_exec
</Extension>

<Extension _fileop>
    Module      xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                   (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Extension json>
	Module  xm_json
</Extension>

<Input udp>
	Module  im_udp
	Port    514
	Host    192.168.1.2
	Exec    parse_syslog(); to_json();
</Input>

<Output file>
	Module  om_file
	File    '%JSONLOGFILE%'
</Output>

<Output azure_oms>
    Module      om_exec
    Command	"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Launcher\\py.exe"
    Arg  "C:\Program Files (x86)\nxlog\oms-pipe.py"
</Output>

<Route udp_to_file_and_oms>
	Path    udp => file, azure_oms
</Route>

My configuration is different from the example in manual in the "Output azure_oms" part. If use this part as in the manual an error appears:

<Output azure_oms>
    Module      om_exec
    Command     oms-pipe.py
    Exec        to_json();
</Output>

Error:

ERROR couldn't execute process oms-pipe.py; The system cannot find the file specified.

Please help me fix this error.