ERROR ### ASSERTION FAILED at line 879 in module.c/resume_senders(): "curr->type == NX_MODULE_TYPE_INPUT" ###
#1
bmalenfant
Setup NXLog to send IIS logs to Syslog.
Using the following modules:
xm_syslog xm_csv im_file om_tcp
My config file is the following:
Panic Soft
#NoFreeOnExit TRUE
define ROOT e:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension _charconv>
Module xm_charconv
AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>
<Extension _exec>
Module xm_exec
</Extension>
<Extension _fileop>
Module xm_fileop
# Check the size of our log file hourly, rotate if larger than 5MB
<Schedule>
Every 1 hour
Exec if (file_exists('%LOGFILE%') and \
(file_size('%LOGFILE%') >= 5M)) \
file_cycle('%LOGFILE%', 8);
</Schedule>
# Rotate our log file every week on Sunday at midnight
<Schedule>
When @weekly
Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
</Schedule>
</Extension>
<Extension w3c_parser>
Module xm_csv
Fields date, time, s-ip, cs-method, cs-uri-stem, cs-uri-query, \
s-port, cs-username, c-ip, cs(User-Agent), cs(Referer), \
sc-status, sc-substatus, sc-win32-status, time-taken
FieldTypes string, string, string, string, string, string, integer, \
string, string, string, string, integer, integer, integer, \
integer
Delimiter ' '
EscapeChar '"'
QuoteChar '"'
EscapeControl FALSE
UndefValue -
</Extension>
<Input iis_w3c>
Module im_file
File 'L:\Logs\W3SVC1\u_ex*.log'
<Exec>
if $raw_event =~ /^#/ drop();
else
{
w3c_parser->parse_csv();
$EventTime = parsedate($date + "T" + $time + ".000Z");
}
</Exec>
</Input>
<Output out>
Module om_tcp
Host REDACTED
Port 514
Exec to_syslog_ietf();
</Output>
<Output test>
Module om_file
File 'E:\Program Files (x86)\nxlog\test.log'
CreateDir
</Output>
<Route w3c>
Path iis_w3c => w3c_parser => out
</Route>
When I start NXLog I keep getting the following error:
ERROR ### ASSERTION FAILED at line 879 in module.c/resume_senders(): "curr->type == NX_MODULE_TYPE_INPUT" ###
Also, I can see the NXLog client is opening a TCP connection with the syslog destination but doesn't actually send any data in the transaction. (Packet trace shows SYN-SYN/ACK-ACK then immediately FIN from the client)
I tried testing with "om-file" to see if it would at least write to a local file, this failed as well (same error in the log) - so something tells me I have an error in the input module IM_FILE but I can'T figure out what the error is. I took the config example from the user-guide (https://nxlog.co/documentation/nxlog-user-guide/iis.html).
Any help appreciated!
#1
bmalenfant
Setup NXLog to send IIS logs to Syslog.
Using the following modules:
xm_syslog
xm_csv
im_file
om_tcp
My config file is the following:
Panic Soft
#NoFreeOnExit TRUE
define ROOT e:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension _charconv>
Module xm_charconv
AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>
<Extension _exec>
Module xm_exec
</Extension>
<Extension _fileop>
Module xm_fileop
# Check the size of our log file hourly, rotate if larger than 5MB
<Schedule>
Every 1 hour
Exec if (file_exists('%LOGFILE%') and \
(file_size('%LOGFILE%') >= 5M)) \
file_cycle('%LOGFILE%', 8);
</Schedule>
# Rotate our log file every week on Sunday at midnight
<Schedule>
When @weekly
Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
</Schedule>
</Extension>
<Extension w3c_parser>
Module xm_csv
Fields date, time, s-ip, cs-method, cs-uri-stem, cs-uri-query, \
s-port, cs-username, c-ip, cs(User-Agent), cs(Referer), \
sc-status, sc-substatus, sc-win32-status, time-taken
FieldTypes string, string, string, string, string, string, integer, \
string, string, string, string, integer, integer, integer, \
integer
Delimiter ' '
EscapeChar '"'
QuoteChar '"'
EscapeControl FALSE
UndefValue -
</Extension>
<Input iis_w3c>
Module im_file
File 'L:\Logs\W3SVC1\u_ex*.log'
<Exec>
if $raw_event =~ /^#/ drop();
else
{
w3c_parser->parse_csv();
$EventTime = parsedate($date + "T" + $time + ".000Z");
}
</Exec>
</Input>
<Output out>
Module om_tcp
Host REDACTED
Port 514
Exec to_syslog_ietf();
</Output>
<Output test>
Module om_file
File 'E:\Program Files (x86)\nxlog\test.log'
CreateDir
</Output>
<Route w3c>
Path iis_w3c => w3c_parser => out
</Route>
When I start NXLog I keep getting the following error:
ERROR ### ASSERTION FAILED at line 879 in module.c/resume_senders(): "curr->type == NX_MODULE_TYPE_INPUT" ###
Also, I can see the NXLog client is opening a TCP connection with the syslog destination but doesn't actually send any data in the transaction. (Packet trace shows SYN-SYN/ACK-ACK then immediately FIN from the client)
I tried testing with "om-file" to see if it would at least write to a local file, this failed as well (same error in the log) - so something tells me I have an error in the input module IM_FILE but I can'T figure out what the error is. I took the config example from the user-guide (https://nxlog.co/documentation/nxlog-user-guide/iis.html).
Any help appreciated!
Hello,
Two points to troubleshoot this:
- you may try to use im_file just pointing at certain file, without additional logic;
- also would you drop us a full log?
Regards, Arch
