
Hello,

We have an issue where NXLog stops listening to the UDP port but nxlog remains running. It posts a message to its log and I would like to run, via exec_async, a PowerShell script that stops and restarts the nxlog service. However, I am unable to do so, receiving this error:

ERROR if-else failed at line 9, character 97 in C:\Program Files (x86)\nxlog\conf\nxlog-self.conf. statement execution has been aborted; procedure 'exec_async' failed at line 9, character 97 in C:\Program Files (x86)\nxlog\conf\nxlog-self.conf. statement execution has been aborted; couldn't execute process C:\temp\restart; %1 is not a valid Win32 application.  

Does anybody know how to avoid this error and have nxlog run the script?

Thanks and regards

Peter

 

Asked September 20, 2017 - 12:26pm

Answer (1)

Can you post the relevant piece from your configuration for exec_async()?

Please also provide the UDP errors to see if that's a known issue and also if you have details on how to reproduce it that would help.

Comments (3)

  • PeterF

    Hi,

    Here's the configuration snippet:

    <Extension exec>
        Module xm_exec
    </Extension>

    <Input iNXlog>
        Module im_file
        File "C:\\Program Files (x86)\\nxlog\\data\\nxlog.log"

        # restart on UDP buffer error
        #exec if $raw_event =~ /.*Module syslog514udp couldn't read from socket.*/ \ERROR if-else failed
        exec if $raw_event =~ /.*ERROR if-else failed.*/ \
        # exec_async("C:\\temp\\restart", "variable"); # just to see if adding a parameter works - it does not
        exec_async("C:\\temp\\restart");
    </Input>

     

    I tried to run it from the nxlog installation directory but I figured the spaces and braces in the path may have caused issues.  Moving to c:\temp resulted in the same error.  I've also attempted to use net.exe - any exe I tried worked just fine.

     

     

    UPDATE:

    Here's the error message: "Module syslog514udp couldn't read from socket; A message sent on a datagram socket was larger than the internal message buffer or some other network limit, or the buffer used to receive a datagram into was smaller than the datagram itself. "

     

    I'm pretty sure it's one of our applications that's sending a large (>64K) exception. I'm looking to locate the perpetrator, but in the meantime I'd like to get nxlog up and listening again.

     

    Thanks and regards

    Peter

  • b0ti (NXLog)

    If restart is a PowerShell script I think you will need to invoke it through its interpreter with something like this:

    exec_async('C:\Windows\System\....\powershell.exe', 'C:\temp\restart');

    To run a .bat file I think you would need to invoke it with cmd.exe the same way.

    Thanks for the info on the im_udp error. We will look into that.

  • PeterF

    Hello,

    Thanks for the pointer, I was able to get it working. Here's the config snippet for reference:

    exec_async("C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", "-command", "C:\\Program Files (x86)\\nxlog\\conf\\restart.ps1");

    Thanks
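
The thread never shows restart.ps1 itself. The script below is an added example (not PeterF's script and not NXLog's code) of a restart script that waits for each state change and skips repeated triggers; the service name `nxlog`, the state directory under ProgramData and the default cool-down and timeout values are assumptions.

```powershell
# restart.ps1 - added example, not from the thread.
# Assumptions: the service is named 'nxlog'; state and log files are kept
# in a hypothetical directory under %ProgramData%.
param(
    [string]$ServiceName    = 'nxlog',
    [int]$CooldownSeconds   = 60,
    [int]$TimeoutSeconds    = 30
)

$ErrorActionPreference = 'Stop'
$stateDir = Join-Path $env:ProgramData 'nxlog-restart'
$stamp    = Join-Path $stateDir 'last-restart.txt'
$log      = Join-Path $stateDir 'restart.log'
New-Item -ItemType Directory -Path $stateDir -Force | Out-Null

function Write-Log([string]$Message) {
    "{0:o} {1}" -f (Get-Date), $Message | Add-Content -Path $log
}

# Cool-down guard: the trigger is a line in nxlog's own log, so a burst of
# matching lines would otherwise launch one restart per line.
if (Test-Path $stamp) {
    $age = (Get-Date) - (Get-Item $stamp).LastWriteTime
    if ($age.TotalSeconds -lt $CooldownSeconds) {
        Write-Log "skipped: last restart $([int]$age.TotalSeconds)s ago"
        exit 0
    }
}
Set-Content -Path $stamp -Value (Get-Date -Format o)

try {
    $svc     = Get-Service -Name $ServiceName
    $timeout = [TimeSpan]::FromSeconds($TimeoutSeconds)
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force
        $svc.WaitForStatus('Stopped', $timeout)   # throws on timeout
    }
    Start-Service -Name $ServiceName
    $svc.WaitForStatus('Running', $timeout)
    Write-Log "restarted $ServiceName"
} catch {
    Write-Log "restart failed: $($_.Exception.Message)"
    exit 1
}
```

Because NXLog launches this with the service's own privileges, keeping the script in a directory that only administrators can write to (such as the NXLog conf directory used in the final snippet above) avoids the exposure of running it from C:\temp.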