responses
Hello,
I am running a trial version of EE, but when I try to start NxLog, I get errors saying it cannot find the modules.
Here is my conf file. I have verified that nxlog is installed at C:\Program Files\nxlog.
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
define ROOT C:\Program Files\nxlog
#define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
#LogLevel DEBUG
<Extension json>
Module xm_json
</Extension>
<Input in>
# For Windows 2008 and later
Module im_msvistalog
# For Windows 2003 and earlier
#Module im_mseventlog
File "c:\\documents and settings\\administrator\\desktop\\events\\app.evtx"
Exec to_json();
</Input>
<Output out>
Module om_tcp
Host localhost
Port 5013
</Output>
<Route 1>
Path in => out
</Route>
Error logs
2018-10-12 13:51:24 ERROR Failed to load module from C:\Program Files\nxlog\modules\input\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found.
2018-10-12 13:51:24 WARNING no functional input modules!
2018-10-12 13:51:24 ERROR module 'in' is not declared at C:\Program Files\nxlog\conf\nxlog.conf:42
2018-10-12 13:51:24 ERROR route 1 is not functional without input modules, ignored at C:\Program Files\nxlog\conf\nxlog.conf:42
2018-10-12 13:51:24 INFO nxlog-4.1.4046-trial started
2018-10-12 13:51:24 WARNING not starting unused module out
Comments (12)
Here is what I get when I run debug
2018-10-12 14:52:31 DEBUG nx_win32_svc_main
2018-10-12 14:52:31 DEBUG reading config cache from C:\Program Files\nxlog\data\configcache.dat
2018-10-12 14:52:31 DEBUG nxlog cache read
2018-10-12 14:52:31 DEBUG Setting up module 'in' using im_msvistalog
2018-10-12 14:52:31 ERROR [modules.c:118/nx_module_load_dso()] Failed to load module from C:\Program Files\nxlog\modules\input\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found.
2018-10-12 14:52:31 DEBUG Setting up module 'out' using om_tcp
2018-10-12 14:52:31 DEBUG module out has 0 exported functions
2018-10-12 14:52:31 DEBUG module out has 1 exported procedures
2018-10-12 14:52:31 DEBUG registering procedure reconnect
2018-10-12 14:52:31 DEBUG procedure 'reconnect' registered
2018-10-12 14:52:31 DEBUG CONFIG: out
2018-10-12 14:52:31 DEBUG nxlog config OK
2018-10-12 14:52:31 DEBUG INIT: out
2018-10-12 14:52:31 DEBUG Pollset initialized for module out (method: select)
2018-10-12 14:52:31 WARNING no functional input modules!
2018-10-12 14:52:31 WARNING route has no name at C:\Program Files\nxlog\conf\nxlog.conf:28
2018-10-12 14:52:31 DEBUG parsing path: in => out
2018-10-12 14:52:31 ERROR [router.c:69/nx_route_add_module()] module 'in' is not declared at C:\Program Files\nxlog\conf\nxlog.conf:30
2018-10-12 14:52:31 DEBUG adding module out to route
2018-10-12 14:52:31 ERROR [router.c:394/nx_add_route()] route is not functional without input modules, ignored at C:\Program Files\nxlog\conf\nxlog.conf:30
2018-10-12 14:52:31 DEBUG jobgroup created with priority 10
2018-10-12 14:52:31 DEBUG spawning 1 worker threads
2018-10-12 14:52:31 DEBUG worker thread 0 started
2018-10-12 14:52:31 INFO nxlog-4.1.4046-trial started
2018-10-12 14:52:31 WARNING not starting unused module out
2018-10-12 14:52:31 DEBUG worker 0 waiting for new event
2018-10-12 14:52:31 DEBUG worker 0 got signal for new job
2018-10-12 14:52:31 DEBUG worker 0 got no event to process
2018-10-12 14:52:31 DEBUG worker 0 waiting for new event
2018-10-12 14:52:31 DEBUG event thread started
2018-10-12 14:52:31 DEBUG no events or no future events, event thread sleeping in condwait
2018-10-12 14:52:31 DEBUG Window thread created
I have also tried uninstallilng NxLog and reinstalling in the x86 directory, but I get the same errors.
Is the file there?
C:\Program Files\nxlog\modules\input\im_msvistalog.dllYes, it was there. I uninstalled it and reinstalled in the x86 folder, I have the same issues. I am not sure if I can attach screenshots here. I do not see an option.
**New installation directory
C:\Program Files (x86)\nxlog\modules\input\im_msvistalog.dll
New directory, but same errors
C:\Program Files (x86)\nxlog>nxlog.exe -f
2018-10-12 15:46:10 ERROR Failed to load module from C:\Program Files (x86)\nxlog\modules\input\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found.
2018-10-12 15:46:10 WARNING no functional input modules!
2018-10-12 15:46:10 ERROR module 'in' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:50
2018-10-12 15:46:10 ERROR route 1 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:50
2018-10-12 15:46:10 INFO nxlog-4.1.4046-trial started
2018-10-12 15:46:10 WARNING not starting unused module out
Here is the new conf file as well:
Panic Soft
define ROOT C:\Program Files (x86)\nxlog
ModuleDir %ROOT%\modules
CacheDir %ROOT%\data
PidFile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
# Note that these two lines define constants only; the log file location
# is ultimately set by the `LogFile` directive (see below). The
# `MYLOGFILE` define is also used to rotate the log file automatically
# (see the `_fileop` block).
define LOGDIR %ROOT%\data
define MYLOGFILE %LOGDIR%\nxlog.log
# By default, `LogFile %MYLOGFILE%` is set in log4ensics.conf. This
# allows the log file location to be modified via NXLog Manager. If you
# are not using NXLog Manager, you can instead set `LogFile` below and
# disable the `include` line.
#LogFile %MYLOGFILE%
#include %CONFDIR%\log4ensics.conf
<Extension json>
Module xm_json
</Extension>
<Input in>
Module im_msvistalog
File "C:\\Users and Computers\\Administrator\\Desktop\\events\\app.evtx"
Exec to_json();
</Input>
<Output out>
Module om_tcp
Host localhost
Port 513
</Output>
<Route 1>
Path in => out
</Route>
Could you provide the File name for the one you are using?
I will pull the files to test locally.
Sure. It is:
nxlog-4.1.4046-x64_trial.msi
Also, I am using Server 2003
You might want to modify your configuration then:
I do not have a copy of Windows 2003 readily available, but I installed both x64 and x86 trials on a 2016 host and both modules worked properly.
Possibly re-download, clean directories and reinstall. Then test with a fresh/clean nxlog.conf. The thought is either config vs install location isn't lining up, or maybe the download is corrupted.
I just tried installing the agent on server 2008 and I get this error:
2018-10-16 10:54:13 ERROR failed to subscribe to msvistalog events [error code:123]; The filename, directory name, or volume label syntax is incorrect.
Here is my config on that 2008 server:
Panic Soft
define ROOT C:\Program Files\nxlog
ModuleDir %ROOT%\modules
CacheDir %ROOT%\data
PidFile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
# Note that these two lines define constants only; the log file location
# is ultimately set by the `LogFile` directive (see below). The
# `MYLOGFILE` define is also used to rotate the log file automatically
# (see the `_fileop` block).
define LOGDIR %ROOT%\data
define MYLOGFILE %LOGDIR%\nxlog.log
# By default, `LogFile %MYLOGFILE%` is set in log4ensics.conf. This
# allows the log file location to be modified via NXLog Manager. If you
# are not using NXLog Manager, you can instead set `LogFile` below and
# disable the `include` line.
#LogFile %MYLOGFILE%
#include %CONFDIR%\log4ensics.conf
<Extension json>
Module xm_json
</Extension>
<Input in>
Module im_msvistalog
File "C:\\Users\\Administrator\\Desktop\\events\\app.evtx"
Exec to_json();
</Input>
<Output out>
Module om_tcp
Host localhost
Port 513
</Output>
<Route 1>
Path in => out
</Route>
Pages