1
answer

Hello,
I parameterized as seen in the examples the nxlog configuration file for the logs of my Windows 2016 servers, but when I restart the services with them. In the nxlog files I find this:

nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48

nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48

nxlog failed to start: Expected </Extension2> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48

Do you have ideas to list the errors? thank you in advance

AskedNovember 26, 2019 - 10:23am

Comments (2)

  • manuel.munoz's picture
    (NXLog)

    Can you please paste full config file here?

    November 26, 2019 - 11:05am
  • feujj's picture

    Yes for sure:
    Panic Soft
    #NoFreeOnExit TRUE

    define ROOT C:\Program Files (x86)\nxlog
    define CERTDIR %ROOT%\cert
    define CONFDIR %ROOT%\conf
    define LOGDIR %ROOT%\data
    define LOGFILE %LOGDIR%\nxlog.log
    LogFile %LOGFILE%

    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data

    <Extension _syslog>
    Module xm_syslog
    </Extension>

    <Extension _charconv>
    Module xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
    </Extension>

    <Extension _exec>
    Module xm_exec
    </Extension>

    <Extension _fileop>
    Module xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
    Every 1 hour
    Exec if (file_exists('%LOGFILE%') and \
    (file_size('%LOGFILE%') >= 5M)) \
    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
    When @weekly
    Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
    </Extension>
    <Extension2>
    Module xm_gelf
    </Extension>

    <Input win>
    Module im_msvistalog
    </Input>

    <Output graylog>
    Module om_udp
    Host 10.0.205.21
    Port 3514
    Output Type GELF
    </Output>
    <Route graylog>
    Path win => graylog
    </Route>

    November 26, 2019 - 11:11am

Answer (1)

Edit this bit to have proper instance name.

<Extension2>
Module xm_gelf
</Extension>

Maybe something like:

<Extension gelf>
    Module    xm_gelf
</Extension>

Also, you should edit OutputType to not have a space in the directive name.

<Output graylog>
  Module om_udp
  Host 10.0.205.21
  Port 3514
  OutputType GELF
</Output>

Be sure to verify config as well to make sure there aren't any other issues:

-v, --verify
Verify configuration file syntax.
AnsweredNovember 26, 2019 - 9:07pm