Hi
I am trying to install nxlog on an XP machine but I couldn't troubleshoot the error. The following is the error I am seeing on the XP machine:
2020-08-20 15:54:06 WARNING nxlog-ce received a termination request signal, exiting...
2020-08-20 15:54:10 ERROR invalid keyword: Query at C:\Program Files\nxlog\conf\nxlog.conf:37
2020-08-20 15:54:10 ERROR module 'in' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:52
2020-08-20 15:54:10 ERROR route 1 is not functional without input modules, ignored at C:\Program Files\nxlog\conf\nxlog.conf:52
2020-08-20 15:54:10 WARNING no routes defined!
2020-08-20 15:54:10 WARNING not starting unused module in
2020-08-20 15:54:10 WARNING not starting unused module out
2020-08-20 15:54:10 INFO nxlog-ce-2.10.2150 started
Comments (5)
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _gelf>
Module xm_gelf
</Extension>
<Extension _charconv>
Module xm_charconv
AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>
<Extension _exec>
Module xm_exec
</Extension>
<Input in>
Module im_mseventlog
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
Exec if ($EventID == 5156) drop();
</Input>
<Output out>
Module om_ssl
Host x.x.x.xm
Port x
CertFile %CERTDIR%\gliclient.crt
CertKeyFile %CERTDIR%\gliclient.key
AllowUntrusted TRUE
OutputType GELF_TCP
</Output>
<Route 1>
Path in => out
</Route>
Hi,
Is there any particular reason why you are using an obsolete OS?
I've checked your config on a Win2019 server and it seems to work properly - at least there are no errors.
Best,
Rafal
I would recommend that you stick to the following syntax for the query part.
@manuel.munoz thanks! I will do this modification and see if it runs without errors.
I have a few applications that only run on XP and I want to see the logs generated by those. If it works on 2019, then what could possibly be wrong in the conf file? I was going through the documentation and found that im_mseventlog supports limited directives. Is that an XP limitation?
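
The `invalid keyword: Query` error at nxlog.conf:37 is what im_mseventlog reports for a directive it does not have: `Query` belongs to im_msvistalog (Vista and later), while im_mseventlog, the module for XP-era systems, selects logs with `Sources`. The fragment below is an added example, not from any participant in the thread, showing the posted Input and Output blocks rewritten on that basis; the `Sources` syntax is taken from the NXLog reference manual, and the Host, Port and `ca.crt` values are placeholders.

```conf
# Added example, not part of the original thread.

# Before (as posted): fails at load time because im_mseventlog
# has no Query directive.
#   <Input in>
#       Module  im_mseventlog
#       Query   <QueryList> ... </QueryList>
#   </Input>

# After: im_mseventlog picks event logs by name with Sources.
# Omitting Sources reads all available logs.
<Input in>
    Module   im_mseventlog
    Sources  Application, System, Security
    Exec     if ($EventID == 5156) drop();
</Input>

# The posted Output block sets AllowUntrusted TRUE, which makes om_ssl
# accept any server certificate. Verifying the collector against a CA
# keeps the event stream from being sent to an unauthenticated endpoint.
# Host and Port are placeholders (redacted in the post); ca.crt is a
# hypothetical file name for the CA certificate that signed the
# collector's certificate.
<Output out>
    Module          om_ssl
    Host            x.x.x.x
    Port            x
    CAFile          %CERTDIR%\ca.crt
    CertFile        %CERTDIR%\gliclient.crt
    CertKeyFile     %CERTDIR%\gliclient.key
    AllowUntrusted  FALSE
    OutputType      GELF_TCP
</Output>

<Route 1>
    Path in => out
</Route>
```

After editing, restart the nxlog service and confirm in nxlog.log that the `module 'in' has configuration errors` and `no routes defined!` lines are gone.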