1
response

Dear all,

I'm trying to get hold of the IIS logs and I get the following issue when I try to restart the service.... we are working on a extra.conf file and I know that it is the one that hinders the service to start.... I just cant see where in the code I mess up.

Here's the code.

### Created by NXlog Configuration AT 04-07-2018 08:20:12 ###
### NXlog Configuration Version 2018-05-14 ###
### Created On HOSTNAMEWEB03 ###
### OS INFO 2008 - nxlogserver: 10.233.26.20 ###
### dnsloginfo $Undefined DHCPLOGINFO $Undefined###
### Start off with Definitions ###

### Rootdir defined from: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\nxlog,installdir;HKEY_LOCAL_MACHINE\SOFTWARE\nxlog,installdir ###

define ROOT <C:\Program Files\nxlog>

### Generic Settings for ALL installations ###

define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %LOGFILE%
LogLevel INFO

<Extension _syslog>
Module xm_syslog
</Extension>

<Extension _exec>
Module xm_exec
</Extension>

<Extension _json>
Module xm_json
</Extension>

### Define our inputs ###

### Start ISS created by # 18-09-2018###

<Input IIS>
Module im_file
File C:\inetpub\logs\LogFiles\W3SVC1\\*
SavePos True
InputType LineBased
</Input>

### END ISS Inserted by # 18-09-2018###

<Input winlog>
Module im_msvistalog
ReadFromLast TRUE
ResolveSID TRUE
<QueryXML>
<QueryList>
<Query Id='1'>
<Select Path='Application'>*</Select>
<Select Path='Security'>*</Select>
<Select Path='System'>*</Select>
</Query>
</QueryList>
</QueryXML>
</Input>

### Define the output that goes to LP for analysis ###
<Output syslogout>
Module om_tcp
Host 10.2XX.26.2X
Port 514
Exec to_syslog_bsd();
</Output>

<Output winout>
Module om_tcp
Host 10.2XX.26.2X
Port 514
Exec to_json(); $Message = $raw_event;to_syslog_bsd();
</Output>

### Tie together inputs to outputs ###
<Route 1>
Path winlog => winout
</Route>
include %CONFDIR%\extra.conf
### Configuration Completed ###

The following is taken out of the nxlog.log

2018-09-19 09:28:10 WARNING nxlog received a termination request signal, exiting...
nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86
Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf
The filename, directory name, or volume label syntax is incorrect.

2018-09-19 09:41:15 INFO nxlog-4.0.3735 started
2018-09-19 09:41:15 WARNING not starting unused module syslogout
2018-09-19 09:41:15 INFO connecting to 10.233.26.20:514
2018-09-19 09:44:00 WARNING stopping nxlog service
2018-09-19 09:44:00 WARNING nxlog received a termination request signal, exiting...
nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86
Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf
The filename, directory name, or volume label syntax is incorrect.

nxlog failed to start: Invalid 'include' directive at C:\Program Files\nxlog\conf\extra.conf:86
Failed to open config file <C:\Program Files\nxlog>\conf\extra.conf
The filename, directory name, or volume label syntax is incorrect.

AskedSeptember 19, 2018 - 9:55am

Answer (1)