
NXLOG Service starts and then stops immediately when trying to use Solarwinds PaperTrail (APPCRASH / Faulting Module = NTDLL.DLL)
Trying to get this to work on a Windows 2019 Server that's a clean build with nothing on it and has all current Windows updates applied.

Is it an issue with Windows 2019 Server or an issue with the XM_SYSLOG module?

######### WORKING - Copies event log data to C:\Program Files\nxlog\data\nxlog-output.log ########

define ROOT C:\Program Files\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
    Module xm_syslog
</Extension>

# Monitor Windows event logs
<Input eventlog>
    Module im_msvistalog
</Input>

<Output file>
    Module om_file
    File 'C:\Program Files\nxlog\data\nxlog-output.log'
    Exec to_syslog_snare();
</Output>

<Output syslogout>
    Module om_ssl
    Host logsx.papertrailapp.com
    Port 12345
    Exec $Hostname = hostname(); to_syslog_ietf();
    OutputType Syslog_TLS
    CAFile %CERTDIR%/papertrail-bundle.pem
    AllowUntrusted FALSE
</Output>

<Route out>
    Path eventlog => file
</Route>

######### NOT WORKING - NXLOG Service will start for a moment and then stop immediately ###########

<Route out>
    Path eventlog => syslogout
</Route>

nxlog.log

2022-03-16 18:10:47 WARNING not starting unused module file
2022-03-16 18:10:47 INFO nxlog-ce-3.0.2272 started
2022-03-16 18:10:47 INFO connecting to logs3.papertrailapp.com:49305
2022-03-16 18:10:47 INFO successfully connected to logx.papertrailapp.com:12345

Windows Logs, Application Events:

Source: Application Error
Event ID: 1000
Faulting application name: nxlog.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.17763.2628, time stamp: 0x91ea188a
Exception code: 0xc0000374
Fault offset: 0x00000000000faad9
Faulting process id: 0xa7c
Faulting application start time: 0x01d8399bfa79f8d0
Faulting application path: C:\Program Files\nxlog\nxlog.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 7870365a-2a26-49dd-9670-7c8d889f9dda
Faulting package full name:
Faulting package-relative application ID:

Windows Logs, Application Events:

Source: Windows Error Reporting
Event ID: 1001
Fault bucket 1367701673690831831, type 4
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: nxlog.exe
P2: 0.0.0.0
P3: 00000000
P4: StackHash_2e07
P5: 10.0.17763.2628
P6: 91ea188a
P7: c0000374
P8: PCH_43_FROM_ntdll+0x00000000000A0544
P9:
P10:

Attached files:
\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER86A8.tmp.dmp
\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87D2.tmp.WERInternalMetadata.xml
\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8802.tmp.xml
\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8804.tmp.csv
\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER8843.tmp.txt

These files may be available here:
\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_nxlog.exe_7198d2d4b17dc7d6aaa419f8df82eecf4ad86a_e5992931_12418b0d

Analysis symbol:
Rechecking for solution: 0
Report Id: 7870365a-2a26-49dd-9670-7c8d889f9dda
Report Status: 268435456
Hashed bucket: 8cc762824f1e456172fb0d6d030c9bd7
Cab Guid: 0

TXTOM created
Replies: 2