bug??????? nxlog-ce-2.9.1347
nxlog file has an error , but it's work ok, There is something wrong with the error ???
2015-12-01 13:37:21 INFO nxlog-ce-2.9.1347 started
2015-12-01 13:37:21 INFO connecting to 10.58.8.216:5000
2015-12-01 15:05:07 ERROR if-else failed at line 45, character 244 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 45, character 101 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; cannot parse integer, invalid modifier: ';'
2015-12-01 15:27:39 ERROR if-else failed at line 45, character 244 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 45, character 101 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; cannot parse integer, invalid modifier: ';'
2015-12-01 17:21:17 ERROR if-else failed at line 45, character 244 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 45, character 101 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; cannot parse integer, invalid modifier: ';'
2015-12-01 17:22:36 ERROR if-else failed at line 45, character 244 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 45, character 101 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; cannot parse integer, invalid modifier: ';'
2015-12-01 17:54:05 ERROR if-else failed at line 45, character 244 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 45, character 101 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; cannot parse integer, invalid modifier: ';'
2015-12-01 19:14:30 ERROR if-else failed at line 45, character 244 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 45, character 101 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; cannot parse integer, invalid modifier: ';'
nxlog config file:----------------
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension json>
Module xm_json
</Extension>
<Extension syslog>
Module xm_syslog
</Extension>
<Extension w3c>
Module xm_csv
Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-referrer, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer
Delimiter ' '
QuoteChar '"'
UndefValue -
</Extension>
<Input in>
# Module im_msvistalog
# For windows 2003 and earlier use the following:
# Module im_mseventlog
Module im_file
File "C:\\inetpub\\logs\\LogFiles\\W3SVC3\\\u_ex*.log"
SavePos TRUE
Exec if $raw_event =~ /^#/ drop(); \
else \
{ \
w3c->parse_csv(); \
$EventTime = parsedate($date + " " + $time); \
$SourceName = "IIS"; \
$Message = to_json(); \
}
</Input>
<Output out>
Module om_tcp
Host 10.58.8.111
Port 5002
# Exec to_syslog_snare();
</Output>
<Route 1>
Path in => out
</Route>
That's a known issue, see here.
