2
answers

Hello all,

I'm currently running NXLog Enterprise in Version nxlog-4.0.3550-x64 with the following config:

<Input eventlog>
Module  im_msvistalog
File    C:\logs\Security.evtx
</Input>

<Input application>
    Module  im_msvistalog
    File    C:\logs\Application.evtx
</Input>

Trying to read-in from 2 local evtx files. In the nxlog.log I see the following error:

2019-01-21 14:34:33 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###
2019-01-21 14:34:36 ERROR last message repeated 4 times
2019-01-21 14:34:36 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###

Do you know what I'm doing wrong here?

From what I've read in the manual, the enterprise edition should be able to read evtx files.

best regards, micsnare

AskedJanuary 21, 2019 - 2:38pm

Answers (2)

From what I've read in the manual, the enterprise edition should be able to read evtx files.

You are right, it should and does on more recent versions. :) There was a regression in v4.0.3550 that caused this error. It was fixed in subsequent versions.
Please see the following forum post:
https://nxlog.co/question/3643/immsvistalog-assertion-failed

AnsweredJanuary 21, 2019 - 3:29pm

Do you know what I'm doing wrong here?

You haven't upgraded to the most recent version that fixes this.

AnsweredJanuary 21, 2019 - 4:25pm