13
responses

Hello,

I am running a trial version of EE, but when I try to start NxLog, I get errors saying it cannot find the modules.

Here is my conf file. I have verified that nxlog is installed at C:\Program Files\nxlog.

## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
define ROOT C:\Program Files\nxlog
#define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

LogFile %ROOT%\data\nxlog.log
#LogLevel DEBUG

<Extension json>
Module xm_json
</Extension>

<Input in>
# For Windows 2008 and later
Module im_msvistalog
# For Windows 2003 and earlier
#Module im_mseventlog

File "c:\\documents and settings\\administrator\\desktop\\events\\app.evtx"

Exec to_json();

</Input>

<Output out>

Module om_tcp
Host localhost
Port 5013

</Output>

<Route 1>
Path in => out
</Route>

Error logs

2018-10-12 13:51:24 ERROR Failed to load module from C:\Program Files\nxlog\modules\input\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found.
2018-10-12 13:51:24 WARNING no functional input modules!
2018-10-12 13:51:24 ERROR module 'in' is not declared at C:\Program Files\nxlog\conf\nxlog.conf:42
2018-10-12 13:51:24 ERROR route 1 is not functional without input modules, ignored at C:\Program Files\nxlog\conf\nxlog.conf:42
2018-10-12 13:51:24 INFO nxlog-4.1.4046-trial started
2018-10-12 13:51:24 WARNING not starting unused module out

AskedOctober 12, 2018 - 8:17pm

Comments (12)

  • motts's picture

    I am also getting "couldn't connect to tcp socket on (server):513: no connection could be made because the target machine actively refused it.", but if I uninstall the trial EE and install the CE, I have no issues once I comment out the input->file directive, since it is not supported in CE.

Pages

Answer (1)

Hi motts, I noticed this and would like to add an answer in case you or someone else encounters this problem again. The im_msvistalog File directive should not be quoted; see the Reference Manual.

Therefore, perhaps this configuration would work:

<Extension json>
    Module  xm_json
</Extension>

<Input in>
    # This works on Windows 2008/Vista and later only;
    # "Documents and Settings" normally does not exist on Vista and later.

    Module  im_msvistalog
    File    C:\documents and settings\administrator\desktop\events\app.evtx
    Exec    to_json();
</Input>

Additionally:

  • The im_msvistalog module is only available on Windows 2008/Vista and later.
  • The im_mseventlog module (for Windows XP/2000/2003) does not support reading directly from file.