Hellow everyone!
I have a scenario that uses Citrix MCS where I installed the agent on the master image that provides clone images that should go with the nxlog agent installed and running. But the agent goes up with some errors as below:
2022-09-23 13:51:38 ERROR couldn't connect to udp socket on <IP:XYZ:514>; The socket operation was attempted to an unreachable network. 2022-09-23 13:51:46 WARNING Due to the limitation in the Windows EventLog subsystem, the query cannot contain more than 256 sources. 2022-09-23 13:51:46 WARNING The following sources are omitted to avoid exceeding the limit in the generated query: Setup WitnessClientAdmin 2022-09-23 13:52:14 WARNING received a system shutdown request 2022-09-23 13:52:14 WARNING stopping nxlog service 2022-09-23 13:52:14 WARNING nxlog-ce received a termination request signal, exiting... 2022-11-02 23:16:38 INFO nxlog-ce-2.11.2190 started 2022-11-02 23:16:44 WARNING Due to the limitation in the Windows EventLog subsystem, the query cannot contain more than 256 sources. 2022-11-02 23:16:44 WARNING The following sources are omitted to avoid exceeding the limit in the generated query: Setup WitnessClientAdmin 2022-11-02 23:27:15 ERROR EvtNext failed with error 15007: The specified channel could not be found. Check channel configuration. 2022-11-02 23:27:16 WARNING Due to the limitation in the Windows EventLog subsystem, the query cannot contain more than 256 sources. 2022-11-02 23:27:16 WARNING The following sources are omitted to avoid exceeding the limit in the generated query: WitnessClientAdmin 2022-11-02 23:27:16 ERROR Failed to retrieve eventlog fields; The handle is invalid.
Has anyone had a problem like this using Citrix MCS?
Thanks James \0/
gijosgun created
Hi,
I installed recently the last version of NXLOG-CE (3.0.2284) on my windows server 2016 Standard. I noticed that the configcache is not functionnal in my case because of an erreor when nxlog service stop => "System Error 109 has occurred. The pipe has ended" My configcache.dat file is not updated and when I restart the service, a lot of old logs are sended to my logstash
Here's my nxlog conf file
Panic Soft
define ROOT C:\nxlog define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% LogLevel INFO
Moduledir %ROOT%\Modules Pidfile %ROOT%\nxlog.pid SpoolDir %ROOT%\SpoolDir CacheDir %ROOT%\CacheDir
<Extension _syslog> Module xm_gelf </Extension>
<Extension json> Module xm_json </Extension>
<Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32 </Extension>
<Extension _exec> Module xm_exec </Extension>
<Extension _fileop> Module xm_fileop
# Check the size of our log file hourly, rotate if larger than 5MB
<Schedule>
Every 1 hour
Exec if (file_exists('%LOGFILE%') and \
(file_size('%LOGFILE%') >= 5M)) \
file_cycle('%LOGFILE%', 8);
</Schedule>
# Rotate our log file every week on Sunday at midnight
<Schedule>
When @weekly
Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
</Schedule>
</Extension>
Collecting event log
<Input eventlog> Module im_msvistalog ReadFromLast TRUE SavePos TRUE Exec to_json(); </Input>
<Output ssl> Module om_ssl Host XX.XX.XX.XX CertFile %CERTDIR%\MyCertFile.crt Port XXXX AllowUntrusted TRUE </Output>
<Route 1> Path eventlog => ssl </Route>
Thank's a lot for your help
manuel created
gtarone created
