nxlog-ce 2.9.1716 on Windows 10/Server 2016.

The usage of om_udp seems to cause nxlog.exe to listen on ephemeral port. om_tcp does not cause this. I can't find anything in documentation that explains this behavior.

Please help.


AskedJanuary 23, 2020 - 11:01pm

Comments (4)

  • Zhengshi's picture

    Hey, we have indeed reproduced this in house and have created an internal issue to investigate and resolve this.
    Nothing to provide currently though.

Answer (1)

The windows implementation of the Apache Portable Runtime library creates a socket pair for internal communications. These are called wakeup pipes and are implemented as TCP sockets on windows. This happens when a module needs to monitor files or sockets.

The udp port is probably the locally assigned ephemeral port of the connection. You can see four of these ports in the netstat output since there are four om_udp instances defined in your configuration. The LocalPort configuration directive in the NXLog EE can be used to specify a fixed port number for this.

Hope this clarifies it for you.