Every time after 3-4 hours of working, nxlog stop processing events and even write to nxlog.log
Last messages from nxlog.log
2021-02-04 05:49:07 ERROR [im_msvistalog|winlog] Couldn't retrieve eventlog fields from xml, EvtRender() failed; The data area passed to a system call is too small.
2021-02-04 05:49:32 ERROR [im_msvistalog|winlog] last message repeated 24 times
How to define events that triggers this ERRORs and crush reasons?
Comments (3)
Every time after 3-4 hours of working, nxlog stop processing events and even write to nxlog.log Last messages from nxlog.log
How to define events that triggers this ERRORs and crush reasons?
You could use
log_info($raw_event);function in order to print the offending event tonxlog.log.Thanks!
It seems, that
im_msvistalogstruggle with this error, when trying to parse hugeEventDatafields fromEventData in this events contains ScriptBlockText which is very huge and contains special characters.
Is it possible to fix this?
Or disable EventData parsing somehow in
im_msvistalogfor specific EventID ?I can provide event sample, to reproduce ERROR btw