4 responses

Hello everyone,

I would like to catch a log from Windows network drives, but I cannot do it.

May I know whether it is supported by NXLog? Would you please advise? Thank you.

 

<Input filelogs>
    Module    im_file
    File    "\\\\192.168.1.1\\test\*"
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 5
    Exec $Message = $raw_event;
</Input>

NXLog.log:
2016-09-14 18:16:53 INFO nxlog-ce-2.8.1248 started
2016-09-14 18:16:53 ERROR failed to open \\192.168.1.1\test\*; Access is denied.  
2016-09-14 18:17:03 ERROR apr_stat failed on file \\192.168.1.1\test\*; Access is denied.  
2016-09-14 18:17:13 ERROR apr_stat failed on file \\192.168.1.1\test\*; Access is denied.  
2016-09-14 18:17:23 ERROR apr_stat failed on file \\192.168.1.1\test\*; Access is denied.  
2016-09-14 18:17:33 ERROR apr_stat failed on file \\192.168.1.1\test\*; Access is denied.  
2016-09-14 18:17:53 ERROR apr_stat failed on file \\192.168.1.1\test\*; The filename, directory name, or volume label syntax is incorrect.  
2016-09-14 18:18:33 ERROR apr_stat failed on file \\192.168.1.1\test\*; The filename, directory name, or volume label syntax is incorrect.  
2016-09-14 18:19:43 ERROR apr_stat failed on file \\192.168.1.1\test\*; The filename, directory name, or volume label syntax is incorrect. 

The shared drive can be accessed by everyone, or guest.

Asked September 15, 2016 - 5:52am

Answer (1)

This is a permissions issue and is not directly related to NXLog per se.

You should make sure that the local SYSTEM account that NXLog is running under has proper permissions to access the network share.

See this question on serverfault for example.

Comments (3)

  • jasonkwwong

    Thank you, but this network drive is shared with permission "guest".  Anyone can access it.

    Because I am not in a domain environment, it is specially shared with guest for testing, but I still cannot access it with NXLog.

     

  • sa

    Hi Jason,

    While the error message correctly refers to your path as the directory 'test' residing on 192.168.1.1, the correct configuration should look like this:

    File    '\\192.168.1.1\test\\*'

    (Note the single quotes and the double backslash before the asterisk.) Please have a look at the 6.2.7.1 section of the reference manual for further examples and let us know if this worked.

    Best regards,

    Attila Sályi

  • jasonkwwong

    Hi Sa,

    After trial and error, I experienced 2 issues in this case:

    1. Incorrect configuration. Your answer is correct. This example is good for me, and it works.

    2. NXLog service permission issue. It seems that the local service account cannot access the Windows network share folder, even though it is shared with everyone. I gave an administrator account to NXLog, and it is able to access the folder now.

     

    Thank you for your help.
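
The permissions half of the resolution above can be checked before changing the service account. This added example (not part of the thread and not NXLog code) reports which account the service runs as, how a remote file server sees that account, and whether the share can be listed; the service name `nxlog` is an assumption, and the share path is the one from the question.

```powershell
# Added example. Assumptions: the Windows service is named 'nxlog';
# the share path is the one quoted in the thread.
param(
    [string]$ServiceName = 'nxlog',
    [string]$SharePath   = '\\192.168.1.1\test'
)

# How the built-in service accounts present themselves to a remote server.
# Outside a domain the server has no way to authenticate a computer account.
$networkIdentity = @{
    'LocalSystem'                 = 'the computer account'
    'NT AUTHORITY\NetworkService' = 'the computer account'
    'NT AUTHORITY\LocalService'   = 'anonymous credentials'
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

$account = $svc.StartName
if ($account -and $networkIdentity.ContainsKey($account)) {
    $remoteAs = $networkIdentity[$account]
} else {
    $remoteAs = "the user account '$account'"
}

# The listing below runs as whoever launched this script, not as the service.
# Start the session as the service's account to test that identity.
$caller = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
try {
    $files  = @(Get-ChildItem -LiteralPath $SharePath -File -ErrorAction Stop)
    $access = "OK, $($files.Count) file(s) visible"
} catch {
    $access = "FAILED: $($_.Exception.Message)"
}

[pscustomobject]@{
    Service        = $ServiceName
    ServiceAccount = $account
    SeenByServerAs = $remoteAs
    TestedAs       = $caller
    ShareAccess    = $access
}
```

On the share side im_file only needs to read the files, so the account assigned to the service can be a dedicated one with read-only rights on the share rather than an administrator.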