Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.
pm_buffer not filling on network error
Hi, I have the requirement to buffer logs that were unable to be sent during network failures. I have the following config which makes NXLog CE create a buffer file but it stays at 0KB size with a missing network. My logs show the expected network failure: 2022-10-04 10:01:52 INFO nxlog-ce-3.0.2284 started 2022-10-04 10:01:52 INFO reconnecting in 1 seconds 2022-10-04 10:01:52 ERROR apr_sockaddr_info failed for myserver.com:1514; No such host is known. 2022-10-04 10:01:53 INFO reconnecting in 2 seconds 2022-10-04 10:01:53 ERROR apr_sockaddr_info failed for myserver.com:1514; No such host is known. 2022-10-04 10:01:55 INFO reconnecting in 4 seconds nxlog.conf <Extension syslog> Module xm_syslog </Extension> <Extension json> Module xm_json </Extension> <Input inWindowsAudit> Module im_msvistalog ReadFromLast True <QueryXML> <QueryList> <Query Id="0"> <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select> </Query> </QueryList> </QueryXML> Exec parse_syslog(); to_json(); </Input> <Processor buffer> Module pm_buffer Type Disk # 40 MiB buffer MaxSize 40960 # Generate warning message at 20 MiB WarnLimit 20480 </Processor> <Output ssl> Module om_ssl Host myserver.com Port 1514 CAFile %CERTDIR%\ca-root.cer CertFile %CERTDIR%\client.cer CertKeyFile %CERTDIR%\client_private.key KeyPass secret AllowUntrusted FALSE </Output> <Route main> Path inWindowsAudit => buffer => ssl </Route> Any ideas? Thanks.
Replies: 2View post »