1. I am using https://nxlog.co/system/files/products/files/348/nxlog-ce-2.10.2150.msi to download the nxlog file.
2. I am using the configuration below:
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog

define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _json>   
Module xm_json

<Input in>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Security">* </Select>\
<Select Path="Application">* </Select>\
<Select Path="Setup">* </Select>\
<Select Path="System">* </Select>\
if ($EventID NOT IN (%aisiem%)) drop();

<Output out>   
Module om_udp   
Port 5154   
Exec to_json();

<Route 1>   
Path in => out

3. Getting this error:
2020-10-22 19:11:05 WARNING stopping nxlog service
2020-10-22 19:11:05 WARNING nxlog-ce received a termination request signal, exiting...
2020-10-22 19:11:16 ERROR Failed to load module from C:\Program Files (x86)\nxlog\modules\output\om_udp   .dll, Invalid argument; Invalid argument
2020-10-22 19:11:16 ERROR module 'out' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:52
2020-10-22 19:11:16 ERROR route 1>  is not functional without output modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:52
2020-10-22 19:11:16 WARNING no routes defined!
2020-10-22 19:11:16 WARNING not starting unused module in
2020-10-22 19:11:16 INFO nxlog-ce-2.10.2150 started

4. I am using Windows 10.
Please suggest what I should change to configure it successfully.

Asked October 22, 2020 - 3:53pm

Answer (1)


Is it a full config file?

The first thing I'd suggest is confirming your <Output> configuration is OK. Please take a look at the Host line - you have CCE_IP_ADDRESS, and it seems you might need to fill it with a proper IP address.

Most likely it still won't be fine, since you're also missing the aisiem config part - while it's clearly present in the conf.

Check these two things and let us know if it helps, please.
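
Added example, not part of the original thread or of NXLog itself: a small Python lint for three things visible in the question. These are a Module name followed by trailing blanks (the error log shows nxlog trying to load `om_udp   .dll`), a `%macro%` used without a `define`, and blocks that are never closed. The function name and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample, modelled on the configuration posted in the question.
SAMPLE_CONF = (
    "define ROOT C:\\Program Files (x86)\\nxlog\n"
    "Moduledir %ROOT%\\modules\n"
    "<Input in>\n"
    "Module im_msvistalog\n"
    "Exec if ($EventID NOT IN (%aisiem%)) drop();\n"
    "</Input>\n"
    "<Output out>\n"
    "Module om_udp   \n"
    "Port 5154\n"
    "<Route 1>\n"
    "Path in => out\n"
    "</Route>\n"
)
BLOCK = re.compile(r"<(/?)(Extension|Input|Output|Processor|Route)\b", re.I)

def lint_nxlog_conf(text):
    """Return sorted (line_number, message) findings for nxlog.conf text."""
    findings, defined, open_blocks = [], set(), []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (includes a commented-out define)
        m = re.match(r"define\s+(\w+)", line, re.I)
        if m:
            defined.add(m.group(1))
        # Blanks after the module name end up in the DLL file name nxlog loads.
        if re.match(r"\s*Module\s+\S+[ \t]+$", raw, re.I):
            findings.append((num, "trailing whitespace after Module name"))
        # A %NAME% reference needs a 'define NAME ...' earlier in the file.
        for name in re.findall(r"%(\w+)%", line):
            if name not in defined:
                findings.append((num, f"macro %{name}% is used but never defined"))
        m = BLOCK.match(line)
        if m and m.group(1):  # closing tag must match the innermost open block
            if open_blocks and open_blocks[-1][1].lower() == m.group(2).lower():
                open_blocks.pop()
            else:
                findings.append((num, f"unexpected </{m.group(2)}>"))
        elif m:
            open_blocks.append((num, m.group(2)))
    findings += [(n, f"<{tag}> block is never closed") for n, tag in open_blocks]
    return sorted(findings)

if __name__ == "__main__":
    for num, msg in lint_nxlog_conf(SAMPLE_CONF):
        print(f"line {num}: {msg}")
```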