We are using nxlog to collect eventlog information. Some entries can be large, in fact some messages are split over several entries as a workaround for the maximum eventlog entry size. However, these large entries seem to hang nxlog so that it stops processing new entries. Typical error messages are:


2014-10-27 17:10:32 ERROR EvtNext failed with error 1734: The array bounds are invalid.  
2014-10-27 17:10:33 ERROR EvtUpdateBookmark failed: The handle is invalid.


Why is this? Is there any workaround?


Asked November 4, 2014 - 11:18am

Answers (2)

Error 1734 is an RPC error and this is a local eventlog, so the error message does not tell much (it might be braindead already and thus a buggy error code).

If you can provide a POC test case which can be used to reproduce this by using eventcreate or some other tool to inject the offending eventlog entry, then please open a ticket in the Support ticketing system.
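
Added example, not part of the original thread or of nxlog itself: since the failure described in the question silently stops event collection, one way to notice it is to scan nxlog's own log for the quoted error pair (an EvtNext failure followed shortly by an EvtUpdateBookmark failure). The line format is taken from the two messages quoted above; the 5-second pairing window, the function names and the INFO/WARNING sample lines are assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of nxlog's internal log. The two ERROR lines are the ones
# quoted in the question; the INFO and WARNING lines are made up for context.
SAMPLE_LOG = """\
2014-10-27 17:10:30 INFO constructed line: collector running
2014-10-27 17:10:32 ERROR EvtNext failed with error 1734: The array bounds are invalid.
2014-10-27 17:10:33 ERROR EvtUpdateBookmark failed: The handle is invalid.
2014-10-27 17:25:00 WARNING constructed line: unrelated warning
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ERROR "
                     r"(Evt\w+) failed(?: with error (\d+))?: (.*)$")

def parse_failures(text):
    """Yield one dict per 'Evt* failed' ERROR line, in file order."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts, api, code, detail = m.groups()
            yield {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                   "api": api, "code": int(code) if code else None,
                   "detail": detail}

def find_stalls(text, window=timedelta(seconds=5)):
    """Return EvtNext failures followed within `window` (assumed value) by an
    EvtUpdateBookmark failure, the pair reported in the question."""
    failures = list(parse_failures(text))
    stalls = []
    for i, first in enumerate(failures):
        if first["api"] != "EvtNext":
            continue
        for later in failures[i + 1:]:
            if later["ts"] - first["ts"] > window:
                break
            if later["api"] == "EvtUpdateBookmark":
                stalls.append({"at": first["ts"].isoformat(sep=" "),
                               "code": first["code"],
                               "detail": first["detail"]})
                break
    return stalls

if __name__ == "__main__":
    for s in find_stalls(SAMPLE_LOG):
        print(f"{s['at']} possible collection stall, "
              f"EvtNext error {s['code']}: {s['detail']}")
```

The timestamp of a hit marks where the collection gap begins, which is also the time range to search in the Windows event log for the oversized entry when preparing the test case the answer asks for.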