if-else failed, not enough fields

Having a reoccurring problem where I get the following error and my output file quits updating for a few minutes then picks back up again. As a side note, I was having a problem with the eventlog because of an entry that was being written that had an object serialized as xml in the message. That is the exclusion in my application log. Since then, the event log has been working flawlessly.

I found a similar post except that in my instance I have already use a more specific filter.

AskedMarch 6, 2015 - 8:23pm

NXlog cannot verify self-signed CA certificate


I'm trying to foward log events with NXlog to logstash over a SSL connection. Therefore, I generated my own CA certificate and a certificate to be used by logstash for the SSL connection. NXlog is installed on a Ubuntu 14.04 (virtual) machine with the CA certificate added as '/etc/ssl/certs/logstash-ca.crt'.

I tested the connection with

openssl s_client -CAfile /etc/ssl/certs/logstash-ca.cert -connect localhost:5000

and everything works fine (all entered text lines are received by logstash).

However, when I start NXlog with the appropriate om_ssl output configuration it fails with

ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)

AskedMarch 5, 2015 - 9:53pm

$raw_event contains no data

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

AskedMarch 4, 2015 - 12:17pm

Can I cut out part of the message

I have xml style messages that can have thousands of <CUID>xxx</CUID> statements in them so I need to cut out from the middle of the message: from the first string of <CUID> to the last </CUID>. Is this possible?

AskedFebruary 27, 2015 - 10:36am