nxlog 4-99-4527 (evtx files)


#1 micsnare

hi all,

not sure if you can help me, but I recently installed the latest (beta) version of nxlog 4-99.4527 to test the multiple evtx files support. my config looks like this:

<Input eventlog>
    Module  im_msvistalog
    File    "C:\Users\test\Desktop\logs\*.evtx"
</Input>

<Output file_from_eventlog>
    Module  om_file
    File    "C:\logs\evtx_new.log"
    Exec    to_json();
</Output>

while it perfectly outputs to the local file in JSON output :), I still get the following error in the nxlog.log:

2019-02-01 15:33:01 ERROR failed to query msvistalog events from file (C:\Users\test\Desktop\logs\Microsoft-Windows-SettingSyncOperational.evtx),[error code: 1287]; Zur Bestimmung der Fehlerursache stehen nicht genügend Informationen zur Verfügung.

I'm sorry that the error message is in German, but roughly translated it means "Not enough information is available to determine the cause of the error."

any ideas what could cause this error?

many thanks in advance, theresa

#2 Zhengshi Nxlog ✓

The error message appears to come from Windows.
https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--1000-1299-

ERROR_UNIDENTIFIED_ERROR

1287 (0x507)

Insufficient information exists to identify the cause of failure.

We have opened an internal ticket to research the cause and will let you know what we find as soon as we have an answer.
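With a wildcard `File` path, it helps to know which of the matched .evtx files are failing and with which Windows error code. The following is an added example, not code from the thread or from NXLog: it parses nxlog.log lines in the format quoted in post #1 and groups failures per file and code. Only the first sample line comes from the thread; the other lines, the function name `failed_evtx` and the one-entry name table are constructed for illustration.

```python
import re

# Failure line format as quoted in post #1. The non-greedy path match stops at
# the first ".evtx)" so paths that contain parentheses are still captured whole.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ERROR "
    r"failed to query msvistalog events from file "
    r"\((?P<path>.+?(?i:\.evtx))\),\s*\[error code: (?P<code>\d+)\]"
)

# Only the code identified in the thread; any other code is reported as "unknown".
WIN32_NAMES = {1287: "ERROR_UNIDENTIFIED_ERROR"}


def failed_evtx(lines):
    """Group failed-query lines by (file, error code), most frequent first."""
    failures = {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue  # not a failed-query line
        code = int(m["code"])
        key = (m["path"].lower(), code)  # Windows paths are case-insensitive
        rec = failures.setdefault(key, {
            "path": m["path"], "code": code,
            "name": WIN32_NAMES.get(code, "unknown"),
            "count": 0, "first": m["ts"],
        })
        rec["count"] += 1
        rec["last"] = m["ts"]
    return sorted(failures.values(), key=lambda r: (-r["count"], r["path"]))


# Line 1 is the error from post #1; lines 2-4 are constructed sample input.
SAMPLE = r"""
2019-02-01 15:33:01 ERROR failed to query msvistalog events from file (C:\Users\test\Desktop\logs\Microsoft-Windows-SettingSyncOperational.evtx),[error code: 1287]; Zur Bestimmung der Fehlerursache stehen nicht genügend Informationen zur Verfügung.
2019-02-01 15:33:30 INFO constructed non-error line
2019-02-01 15:34:01 ERROR failed to query msvistalog events from file (c:\users\test\desktop\logs\Microsoft-Windows-SettingSyncOperational.evtx),[error code: 1287]; constructed repeat
2019-02-01 15:34:05 ERROR failed to query msvistalog events from file (C:\Users\test\Desktop\logs\Security (copy).evtx),[error code: 5]; constructed
""".strip().splitlines()

if __name__ == "__main__":
    for r in failed_evtx(SAMPLE):
        print(f'{r["count"]}x {r["code"]} ({r["name"]}) {r["path"]} '
              f'first={r["first"]} last={r["last"]}')
```

Comparing the reported paths with the files written to the JSON output shows whether a failing file contributed any events at all.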