Typo in syslog.c prevents correct UTF8 BOM processing

This can be seen in nxlog-ce-2.8.1248 distribution, syslog.c, line 1094

if ( (ptr[0] == 0xEF) && (ptr[0] == 0xBB) && (ptr[0] == 0xBF) )

should be

if ( (ptr[0] == 0xEF) && (ptr[1] == 0xBB) && (ptr[2] == 0xBF) )

Please, fix this.


vadimevf created
Replies: 1
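
The condition reported above can be checked in isolation. This is an added example, not part of the original post and not NXLog's code: the function names and the sample message are constructed here, and the `unsigned char` buffer type and explicit length parameter are assumptions. It puts the check as quoted next to the corrected one and adds a length guard so short inputs are never read past their end.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a message body that starts with the UTF-8 BOM. */
static const unsigned char SAMPLE_MSG[] = "\xEF\xBB\xBF" "login ok";

/* Check as quoted in the post. All three tests read ptr[0], and a single
 * byte cannot equal 0xEF, 0xBB and 0xBF at once, so this never matches. */
static size_t bom_len_as_posted(const unsigned char *ptr, size_t len)
{
    if (len >= 3 && (ptr[0] == 0xEF) && (ptr[0] == 0xBB) && (ptr[0] == 0xBF))
        return 3;
    return 0;
}

/* Corrected indices from the post. The bytes are read as unsigned char:
 * where plain char is signed, a byte with the high bit set compares as a
 * negative int and can never equal 0xEF. The len guard is an addition. */
static size_t bom_len_fixed(const unsigned char *ptr, size_t len)
{
    if (len >= 3 && (ptr[0] == 0xEF) && (ptr[1] == 0xBB) && (ptr[2] == 0xBF))
        return 3;
    return 0;
}

/* Return a pointer past the BOM (if present) and shrink *len to match. */
static const unsigned char *strip_bom(const unsigned char *buf, size_t *len)
{
    size_t n = bom_len_fixed(buf, *len);
    *len -= n;
    return buf + n;
}

int main(void)
{
    size_t len = sizeof(SAMPLE_MSG) - 1;   /* drop the trailing NUL */

    printf("as posted: BOM length %zu\n", bom_len_as_posted(SAMPLE_MSG, len));
    printf("fixed:     BOM length %zu\n", bom_len_fixed(SAMPLE_MSG, len));

    const unsigned char *body = strip_bom(SAMPLE_MSG, &len);
    printf("body after strip: %.*s (%zu bytes)\n", (int)len,
           (const char *)body, len);
    return 0;
}
```

With the check as posted, the three BOM bytes stay at the front of the message and reach every later parsing step.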
nxlog to message queue

Is there any roadmap for natively including an output module to a message queue service such as Redis, 0mq etc?

Alternatively how can I write out to a queue using om_http?

Thanks

Ash


akumar created
Replies: 1
Losing networking connectivity results in nxlog service failing to connect with loggly.com and never attempting to reconnect

NxLog does not reconnect to the server once a connection is restored after a network disconnect event.

Simple step to repro - Simply unplugging the ethernet cable from the back of the PC while nxlog is attempting to send data to loggly.  The error happens almost instantly after the cable is unplugged. Below is the error message

2015-05-11 13:49:56 ERROR couldn't connect to tcp socket on logs-01.loggly.com:443; A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 


BTW - I am using NxLog Community Edition. Is this a known issue? I don't expect such a simple feature to not work in a community edition. It should automatically reconnect.


kashdash7651 created
NXlog Community Edition on Windows - change installation path ?

Hi,

Is it possible to change NXlog Community Edition installation path on Windows platform?

(The default installation path is C:\Program Files\nxlog or C:\Program Files (x86)\nxlog.)

I want to install it to C:\nxlog for example.

Thank you,

emve created
Replies: 2
Some log messages got processed twice by nxlog when the log file is rotated

Hi,

I set up nxlog to process a log file. Each log file gets rotated by the application hourly. The original log file is renamed to the same file name postfixed by a timestamp, and the log messages continue to be written to the new log file with the same name.

I found that some of the log messages logged in the last minute or two of an hour are processed more than once by NXLOG. Does anyone have any idea what went wrong?

regards,

Jerry

Here is my nxlog conf:

<Input in2>
    Module      im_file
    File        "/nfs/home/jerryc/domains/smp_demo/nodes/torvm-core14/log/samp-*_svr2*"
    SavePos     TRUE
    ReadFromLast TRUE
 


Jerry created
Replies: 1
Is there a citrix module?

Is there a citrix module that can import logs from citrix servers?

I'd like to log the following:

Authentication
Apps launched
User Activity
Directories accessed

Thanks
-G


ghostisic created
Replies: 1
Need Azure Table Storage output module

How to use NXLog to store logs in Azure Table Storage? Is there an om_azure_table_storage module out there?


igorgatis created
nxlog bug

From time to time on certain Windows servers nxlog resends old events. In the logs there is also an error "EvtNext failed with error 1717: The interface is unknown"

How to fix that?


aurora created
Replies: 3
can a nxlog.conf reference other nxlog.conf files>>>please assist.

Hi,

Please advise...Thanks!

Is it possible to have an nxlog.conf that references other nxlog.conf files? For example, if I have

iis.conf
msevent.conf
log4net.conf

Could I have an nxlog.conf that imports them in a componentized or modular format?

nxlog.conf would look something like:

import  iis.conf
import msevent.conf
import log4net.conf

I am trying to handle many different roles for servers at a big company. Some servers just have log4net logs we want, other servers we just want iis logs from and others iis logs and msevent logs.
There are lots of combinations.

I am looking for an easy way to handle all the server roles...web server, app server, DB server etc. Each server type is going to have different
sets of logs processed and sent. Nxlog is awesome...keep up the great work. Thanks!

Best Regards,

Daniel

idigwww created
Replies: 1
im_odbc ConnectionString question

Hello,

I am attempting to use the im_odbc module to gather table data from mssql into nagios log server.

conf snippet

<Input in>

Module im_odbc
ConnectionString DSN=mysql://USERNAME:PASSWORD@IPADDRESS:PORT;database=DATABASENAME;
SQL Select RecordNumber as id, DateOccured as EventTime, data as Message from logtable WHERE RecordNumber > ?
SavePos TRUE
</Input>

 

<Output out>
Module om_tcp
Host IPADDRESS
Port 1337
OutputType Binary
</Output>

 

<Route 1>
Path in => out
</Route>

Error

ERROR im_odbc couldn't connect to the database, IM010:1:0:[Microsoft][ODBC Driver Manager] Data source name too long

 

Please Help!

Thanks 

GC.


ghostcat created
Replies: 1
IMDBI Setting configuration at load time and at use time

Hello

I was wondering if it is possible to have multiple instances of im_dbi at one time. It is important for access to my global variables. If it is possible, then my question is: does NXLog make nx_im_dbi_conf_t for each module instance? Where should I store variables for a module if I want to have per load visibility?


Tuxizm created
Replies: 1
UNC Paths in im_file

Not sure it can be achieved but wanted to check as to what was the best way to use UNC names in the File path. 

I want to stage files locally from a remote location, digest and then delete the files.

I have tried "//FileServer/directory/file" as well as "\\FileServer/directory/file" without success.

Is it possible to use a variation of im_exec such as 

<Input mapdrive>

  Module  im_file

command  net 

arg           use

arg           z:

arg          "\\fileserver\directory"   ....etc?

 

Thanks

Ash


akumar created
Replies: 1
Latest CE version for Windows?

I believe the latest version of the windows ce msi is not available to download.

In the following forum post it was mentioned that version nxlog-ce-2.9.1362 is out:

http://nxlog.org/support-tickets/nxlog-crashing-windows-2012r2

 

I can't find that version for download via http://nxlog.org/products/nxlog-community-edition/download ? Please advise.


LBOmar created
Replies: 2
nxlog v2.9.1357 windows always says keyword else invalid.

2015-04-29 20:32:46 INFO nxlog-ce-2.9.1347 started
2015-04-29 21:08:14 WARNING stopping nxlog service
2015-04-29 21:08:14 WARNING nxlog-ce received a termination request signal, exiting...
2015-04-29 21:08:15 ERROR invalid keyword: else at C:\Program Files (x86)\nxlog\conf\nxlog.conf:60
2015-04-29 21:08:15 ERROR module 'in' has configuration errors, not adding to route '2' at C:\Program Files (x86)\nxlog\conf\nxlog.conf:89
2015-04-29 21:08:15 WARNING not starting unused module in
2015-04-29 21:08:15 INFO connecting to 172.18.1.11:5142
2015-04-29 21:08:15 INFO nxlog-ce-2.9.1347 started
2015-04-29 21:08:15 ERROR if-else failed at line 77, character 234 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 77, character 80 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; Not enough fields in CSV input, expected 17, got 1 in input ' #Software: Microsoft Exchange Server'

 

Here is my conf file


#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define IGNORE_COMMENT if $raw_event =~ /^#/ drop();
define BASEDIR C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking
define AgentLog_dir C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\AgentLog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
#LogLevel DEBUG
<Extension _syslog>  
    Module      xm_syslog
</Extension>

<Extension _json> 
    Module        xm_json
</Extension>

<Extension ExAgentLog>
    Module        xm_csv
    Fields        $Timestamp,$SessionId,$LocalEndpoint,$RemoteEndpoint,$EnteredOrgFromIP,$MessageId,$P1FromAddress,$P2FromAddresses,$Recipient,$NumRecipients,$Agent,$Event,$Action,$SmtpResponse,$Reason,$ReasonData,$Diagnostics
    FieldTypes    String,String,String,String,String,String,String,String,String,Integer,String,String,String,String,String,String,String
    Delimiter    ,
</Extension>

<Extension ExMSGTRK>
    Module        xm_csv
    Fields        $date-time,$client-ip,$client-hostname,$server-ip,$server-hostname,$source-context,$connector-id,$source,$event-id,$internal-message-id,$message-id,$recipient-address,$recipient-status,$total-bytes,$recipient-count,$related-recipient-address,$reference,$message-subject,$sender-address,$return-path,$message-info,$directionality,$tenant-id,$original-client-ip,$original-server-ip,$custom-data
    FieldTypes    String,String,String,String,String,String,String,String,String,String,String,String,String,Integer,Integer,String,String,String,String,String,String,String,String,String,String,String
    Delimiter    ,
</Extension>

<Extension charconv>
    Module xm_charconv
    AutodetectCharsets utf-8,UNICODE,utf-16, utf-32, iso8859-2
</Extension>

<Input in>
    Module      im_file
    File        '%BASEDIR%\MSGTRK????????*-*.LOG'
    ReadFromLast FALSE
    Exec        if $raw_event =~ /^#/ drop();\                
                else \
                {    \
                    ExMSGTRK->parse_csv();\
                    delete($SourceModuleName);\
                    delete($SourceModuleType);\
                    delete($EventReceivedTime);\
                    $SourceName="Message Tracking Log";    \
                    to_json();\
                }
</Input>

<Input in2>
    Module        im_file
    ReadFromLast FALSE
    File        '%AgentLog_dir%\AgentLog*.LOG'
    
    EXEC         if $raw_event =~ /^#/ drop();\
                else \
                {\
                    ExAgentLog->parse_csv();    \
                    delete($SourceModuleName);    \
                    delete($SourceModuleType);    \
                    delete($EventReceivedTime); \
                    $SourceName="Agent Log";    \
                    to_json();            \
                }

</Input>

<Output out2>
    Module      om_tcp
    Host        172.18.1.11
    Port        5142
</Output>


<Route 2>
    Path        in,in2 => out2
</Route>


yoke88 created
Replies: 1
nxlog v2.9.1357 windows read utf-8 file got error '锘?‘ error (UTF-8 BOM)

2015-04-29 10:12:10 ERROR procedure 'parse_csv' failed at line 50, character 24 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; Couldn't parse datetime value: '锘?Software: Microsoft Exchange Server'

 

See http://stackoverflow.com/questions/2223882/whats-different-between-utf-8-and-utf-8-without-bom


yoke88 created
Shipping logs from nxLog to Logstash

Hi,

I was wondering if it is possible to ship MS Event logs from nxlog to Logstash directly without writing to disk first.


kamishiro created
Replies: 1
file_cycle writing to ".1" file

Hello,

I'm trying to use file_cycle to clean up old NXLog files.  When I start NXLog I see my log file "Demo.log" created and being written to.  When my schedule executes I see the log file getting renamed to "Demo.log.1" but no new Demo.log file is created and NXLog still continues to write to the "Demo.log.1" file.

I'm not sure if I have something set incorrectly or if there is a bug.  Here's the necessary bits from nxlog.conf:

define NXLOG_DEMO c:\NXlog\Demo.log
<Extension fileop>
   Module      xm_fileop
   <Schedule>
       #Cycle the NXLog files daily and only keep 14 days
       When    @daily
       Exec    file_cycle('%NXLOG_DEMO%', 14);
   </Schedule>   
</Extension>
<Output Demo_out>
    Module      om_file
    file        '%NXLOG_DEMO%'
    CreateDir   TRUE
</Output>

I'm not sure if I have something set incorrectly or if there's a better way to do what I'm trying to accomplish.

Thanks! Jeff


JRausch created
Replies: 1
Failover in dbi module

Hi there!

I was wondering if NXlog community edition has a failover in dbi module. I couldn't find reconnect in im_dbi. So if an SQL read fails, then the module will be stopped? Is there some plan to do it in future versions?


Tuxizm created
Replies: 1
Can't solve this problem of: oversized string, limit is 1048576 bytes

This is a lengthy description but please bear with me, I'm really starting to lose hope here...

So I have tried to catch this "oversized string" and avoid it breaking my logging but am not able to, even writing debug log failed.

Here is the nxlog.log where you can see that it broke at 5:30, then source log changed and then it broke again and after that it wrote no more to debug nor to syslog anything:

2015-04-17 05:30:45 ERROR procedure 'file_write' failed at line 95, character 100 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; binary operation failed at line 95, character 99 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. expression evaluation has been aborted; oversized string, limit is 1048576 bytes
2015-04-17 05:30:45 ERROR procedure 'to_syslog_ietf' failed at line 58, character 24 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; oversized string, limit is 1048576 bytes
2015-04-17 05:30:45 ERROR Syslog_TLS output is over the limit of 65000, will be truncated
2015-04-17 05:31:18 WARNING inode changed for 'C:\Program Files (x86)\Agfa\Sec\Audit\log\audit_9702ad06-126b-4dfd-8b38-ad007eecc9c1.log': reopening possibly rotated file
2015-04-17 05:31:18 ERROR procedure 'file_write' failed at line 95, character 100 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; binary operation failed at line 95, character 99 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. expression evaluation has been aborted; oversized string, limit is 1048576 bytes
2015-04-17 05:31:18 ERROR procedure 'to_syslog_ietf' failed at line 58, character 24 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; oversized string, limit is 1048576 bytes
2015-04-17 05:31:18 ERROR Syslog_TLS output is over the limit of 65000, will be truncated
2015-04-17 05:31:18 ERROR procedure 'file_write' failed at line 95, character 100 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; binary operation failed at line 95, character 99 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. expression evaluation has been aborted; oversized string, limit is 1048576 bytes
2015-04-17 05:31:18 ERROR procedure 'to_syslog_ietf' failed at line 58, character 24 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; oversized string, limit is 1048576 bytes
2015-04-17 05:31:18 ERROR Syslog_TLS output is over the limit of 65000, will be truncated
2015-04-17 05:31:18 ERROR string limit (1048576 bytes) reached
2015-04-17 05:31:22 ERROR last message repeated 2 times
2015-04-17 05:31:24 ERROR string limit (1048576 bytes) reached
2015-04-17 05:31:26 ERROR string limit (1048576 bytes) reached
2015-04-17 05:31:30 ERROR last message repeated 2 times
2015-04-17 05:31:33 ERROR string limit (1048576 bytes) reached
....and so on just this one message every few seconds (plus some debug.log rotation messages) but strangely enough one old log entry from 05:31 popped up later:

2015-04-17 06:00:17 ERROR string limit (1048576 bytes) reached
2015-04-17 05:31:18 ERROR string limit (1048576 bytes) reached
2015-04-17 06:00:21 INFO removing file F:\\temp\debug.log.2

..
and also debug.log failed but this is not the concern right now:
2015-04-17 07:00:21 ERROR failed to determine file size of 'F:\\temp\debug.log': The system cannot find the file specified. 

The last events in debug.log.1 are:

EventTime: , raw_event: !SYS 2015-04-17 05:31:18,754 - apr 08 11:33:31 193.40.48.28 <?xml version="1.0" encoding="UTF-8" ?>

EventTime: , raw_event: <IHEYr4><DicomQuery><Keys></Keys><Requestor><IP></IP></Requestor><CUID></CUID><SyntaxUID>LittleIndianImplicit</SyntaxUID></DicomQuery><Host>193.40.48.28</Host><TimeStamp>2015-04-08T11:33:31+03:00</TimeStamp></IHEYr4>

EventTime: , raw_event: !SYS 2015-04-17 05:31:18,832 - apr 08 11:33:31 193.40.48.28 <?xml version="1.0" encoding="UTF-8" ?>

 

The last NORMALISED event (the whole configuration depends on dropping the CUIDs - there can be up to 20000 CUIDs in one event - and writing this instead: <UIDs>dropped by nxlog</UIDs> and taking the TimeStamp from the end of the raw event and making it the real EventTime) in syslog server is:

 

2015-04-08T11:33:31.000000+03:00 <IHEYr4><DICOMInstancesUsed><ObjectAction>Access</ObjectAction><AccessionNumber>83_13532</AccessionNumber><SUID>1.2.124.113532.192.168.100.131.20050117.92248.281238</SUID><Patient><PatientID>50411232772</PatientID><PatientName>PATIENT^1</PatientName></Patient><User><LocalUser>user1@Agfa Healthcare</LocalUser></User><UIDs>dropped by nxlog</UIDs><NumberOfInstances>91</NumberOfInstances><MPPSUID></MPPSUID></DICOMInstancesUsed><Host>193.40.48.28</Host><TimeStamp>2015-04-08T11:33:31+03:00</TimeStamp></IHEYr4>

 

So to come back to nxlog.log events in the beginning here is the output to syslog at the moment when nxlog broke at 5:30 and 5:31 (here you can see that some events start normally (without the tag) and with <IHEYr4> in the beginning but as they are here it means that the event time has not been replaced and the CUIDs have not been cut out and these events then get broken up into several garbage messages):

@timestamp                                 tag                                                               severity      host                    facility      message

2015-04-17T05:30:45.776+03:00        debug    server1    invld    <IHEYr4><DICOMInstancesUsed><Object...
2015-04-17T05:30:45.777+03:00    UID><CUID>1.3.46.670589.11.24125.5.0.576....    notice    server1    user    UID>1.3.46.670589.11.24125.5.0.576.201404240852...
2015-04-17T05:30:45.777+03:00    531903787</CUID><CUID>1.3.46.670589.11...    notice    server1    user    08531907795</CUID><CUID>1.3.46.670589....
2015-04-17T05:30:45.777+03:00    589.11.24125.5.0.3364.2014042408530195660</CUID...    notice    server1    user    70589.11.24125.5.0.3364.2014042408530207668</CU...
2015-04-17T05:30:45.778+03:00    ><CUID>1.3.46.670589.11.24125.5.0.576.201...    notice    server1    user    >1.3.46.670589.11.24125.5.0.576.201404240903450...
2015-04-17T05:30:45.778+03:00    .0.576.2014042409034275361</CUID><CUID>...    notice    server1    user    .2014042409034289370</CUID><CUID>1.3.4...
2015-04-17T05:30:45.778+03:00    D><CUID>1.3.46.670589.11.24125.5.0.576.20...    notice    server1    user    D>1.3.46.670589.11.24125.5.0.576.20140424090340...
2015-04-17T05:30:45.779+03:00    0.576.2014042409034712619</CUID><CUID>...    notice    server1    user    2014042409034726627</CUID><CUID>1.3.46...
2015-04-17T05:30:45.779+03:00                                                                                debug    server1    invld    <CUID>1.3.46.670589.11.24125.5.0.576.2014042...
2015-04-17T05:31:18.831+03:00                                                                               debug    server1    invld    <IHEYr4><DICOMInstancesUsed><Object...
2015-04-17T05:31:18.832+03:00    D><CUID>1.3.46.670589.11.24125.5.0.576.20...    notice    server1    user    D>1.3.46.670589.11.24125.5.0.576.20140424090340...
2015-04-17T05:31:18.832+03:00    UID><CUID>1.3.46.670589.11.24125.5.0.576....    notice    server1    user    UID>1.3.46.670589.11.24125.5.0.576.201404240852...
2015-04-17T05:31:18.832+03:00    531903787</CUID><CUID>1.3.46.670589.11...    notice    server1    user    08531907795</CUID><CUID>1.3.46.670589....
2015-04-17T05:31:18.832+03:00    589.11.24125.5.0.3364.2014042408530195660</CUID...    notice    server1    user    70589.11.24125.5.0.3364.2014042408530207668</CU...
2015-04-17T05:31:18.833+03:00    .0.576.2014042409034275361</CUID><CUID>...    notice    server1    user    .2014042409034289370</CUID><CUID>1.3.4...
2015-04-17T05:31:18.833+03:00    ><CUID>1.3.46.670589.11.24125.5.0.576.201...    notice    server1    user    >1.3.46.670589.11.24125.5.0.576.201404240903450...
2015-04-17T05:31:18.836+03:00                                                                                debug    server1    invld    <CUID>1.3.46.670589.11.24125.5.0.576.2014042...
2015-04-17T05:31:18.836+03:00    0.576.2014042409034712619</CUID><CUID>...    notice    server1    user    2014042409034726627</CUID><CUID>1.3.46...
2015-04-17T05:31:18.841+03:00    UID><CUID>1.3.46.670589.11.24125.5.0.576....    notice    server1    user    UID>1.3.46.670589.11.24125.5.0.576.201404240852...
2015-04-17T05:31:18.841+03:00                                                                            debug    server1    invld    <IHEYr4><DICOMInstancesUsed><Object...
2015-04-17T05:31:18.841+03:00    589.11.24125.5.0.3364.2014042408530195660</CUID...    notice    server1    user    70589.11.24125.5.0.3364.2014042408530207668</CU...
2015-04-17T05:31:18.841+03:00    531903787</CUID><CUID>1.3.46.670589.11...    notice    server1    user    08531907795</CUID><CUID>1.3.46.670589....
2015-04-17T05:31:18.842+03:00                                                                                debug    server1    invld    <CUID>1.3.46.670589.11.24125.5.0.576.2014042...
2015-04-17T05:31:18.842+03:00    D><CUID>1.3.46.670589.11.24125.5.0.576.20...    notice    server1    user    D>1.3.46.670589.11.24125.5.0.576.20140424090340...
2015-04-17T05:31:18.842+03:00    .0.576.2014042409034275361</CUID><CUID>...    notice    server1    user    .2014042409034289370</CUID><CUID>1.3.4...
2015-04-17T05:31:18.842+03:00    ><CUID>1.3.46.670589.11.24125.5.0.576.201...    notice    server1    user    >1.3.46.670589.11.24125.5.0.576.201404240903450...
2015-04-17T05:31:18.842+03:00    0.576.2014042409034712619</CUID><CUID>...    notice    server1    user    2014042409034726627</CUID><CUID>1.3.46...

 

so... I could live with the broken events scattered around (if I see it I know it broke there) but the main thing is that nxlog stops working - it seems it was able to overcome the problem at 5:30 but at 5:31:18 it stopped sending events from this log (other logs were not affected).

So what should I do to make it not break or at least always recover and pick up at next message?

Here are the important bits of my config:

<Extension charconv>
Module xm_charconv
AutodetectCharsets utf-8, euc-jp, utf-16, utf-32,  iso8859-1, iso8859-4
</Extension>

<Output sslout>
Module         om_ssl
Host         192.168.1.2
Port         10514
Exec         to_syslog_ietf();
CAFile         %CERTDIR%/cacert.pem
CertFile     %CERTDIR%/cert.pem
CertKeyFile     %CERTDIR%/key.pem
AllowUntrusted     TRUE
OutputType     Syslog_TLS
Exec        if $Message =~ /DEBUG/ drop();
Exec         convert_fields("AUTO", "utf-8");

</Output>

<Extension fileop>
    Module xm_fileop
    <Schedule>
        Every 1 hour
        Exec if (file_size('%ROOT3%\debug.log') >= 1M) file_cycle('%ROOT3%\debug.log', 2);
    </Schedule>
</Extension>

<Input agfaauditlog>
Module         im_file
File         'C:\Program Files (x86)\Agfa\Sec\Audit\log\audit_*.log'
SavePos     TRUE
ReadFromLast     TRUE

Exec         file_write("%ROOT3%\debug.log", "EventTime: " + $EventTime  + ", raw_event: " + $raw_event);

Exec         if $raw_event =~ /!SYS/ drop();
Exec         if $raw_event =~ /\<TimeStamp\>(.+)\</ {$EventTime = parsedate($1);}
Exec         if $raw_event =~ /^(.+?)(CUID.+CUID)(.+)/ $raw_event = $1 + 'UIDs>dropped by nxlog</UIDs' + $3;
</Input>

<Route 1>
    Path        internal, nxlog, mseventlog, agfaauditlog => sslout
</Route>

 

 

P.S. and then I get events like this also from the same log, why is that?

2015-04-17T05:29:40.406+03:00 㰱㌾ㄠ㈰ㄵⴰ㐭〸吱ㄺ㌲㨰㘮〰〰〰⬰㌺〰⁡灳㑴汮‭‭‭⁛乘䱏䝀ㄴ㔰㘠䕶敮瑒散敩癥摔業攽∲〱㔭〴ⴱ㜠〵㨲... notice server1     user 䅣捥獳楯湎畭扥爾䡐剈䵒ㄱ㔰㐰㠰〲㰯䅣捥獳楯湎畭扥爾㱓啉䐾ㄮ㈮㈵〮ㄮ㔹⸴㜰⸱㌮㐵㈮㈰ㄵ〴〸〹㔲㐸⸶㈳⸱...

bigfoot created
Replies: 5
Appending GUID to logs

I am trying to append a pre-defined GUID to some application log files. The log files are written in JSON and I would like to append these logs with a GUID. 

I have defined the GUID in my config file with the variable CUSTOMER_TOKEN.

I am not sure how to accomplish this using the raw_event + function within my config settings. Sorry for the basic question. I read the community reference manual a few times, but couldn't quite figure out how to use the raw_event + to append the CUSTOMER_TOKEN to the logs. 

Thank you in advance.

Here is my config file:

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CUSTOMER_TOKEN 10401ffc-42c2-49a6-9292-7eb31c9df605
 
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
 
 
# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
#    Module      xm_fileop
#</Extension>

<Extension json>
    Module      xm_json
</Extension>

<Input MonitoringAgent>
   Module   im_file
   File     "C:\Users\logman\AppData\Local\Temp\MonitoringAgent.log"
   #SavePos  TRUE
</Input>
  
<Output out>
   Module om_file
   File "C:\Users\logman\Desktop\App_Logs\Logs.txt"
</Output>
 
<Route 1>
   Path MonitoringAgent => out
</Route>

 


logman29 created
Replies: 1