hi all,
not sure if you can help me, but I recently installed the latest (beta) version of nxlog 4-99.4527 to test the multiple evtx files support.
my config looks like this:
```
<Input eventlog>
    Module im_msvistalog
    File "C:\Users\test\Desktop\logs\*.evtx"
</Input>

<Output file_from_eventlog>
    Module om_file
    File "C:\logs\evtx_new.log"
    Exec to_json();
</Output>
```
while it perfectly outputs to the local file in JSON output :),
I still get the following error in the nxlog.log
```
2019-02-01 15:33:01 ERROR failed to query msvistalog events from file (C:\Users\test\Desktop\logs\Microsoft-Windows-SettingSyncOperational.evtx),[error code: 1287]; Zur Bestimmung der Fehlerursache stehen nicht genügend Informationen zur Verfügung.
```
I'm sorry that the error message is in German, but roughly translated it means "Not enough information is available to determine the cause of the error."
any ideas what could cause this error?
many thanks in advance,
theresa
Comments (5)
The error message appears to come from Windows.
https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--1000-1299-
We have opened an internal ticket to research the cause and will let you know what we find as soon as we have an answer.
Hello,
We have been unable to reproduce this error.
Would you be able to send in your full config, log and the evtx file? They are thinking it may be related to the evtx file itself.
Thank you,
Jesse
hello jesse,
sure, where shall I send the config and the log to?
we will test this with different evtx files, because the ones that we tested with are customer-related and therefore confidential :(
best regards,
theresa
Hi Theresa,
Depending on the size of your config and log files, you can zip them and either email us at support@nxlog.org or upload them to a site like https://uploadfiles.io and share the link with us here.
Thanks, -Cameron
Unfortunately the error message did not appear on our test system with the `.evtx` provided.