0
responses

Hello Team,

I have added nxlog.conf for our windows application server.

## See the nxlog reference manual at
## http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERT %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
# Module xm_fileop
#</Extension>

<Extension json>
Module xm_json
</Extension>

<Extension syslog>
Module xm_syslog
</Extension>

<Extension csv>
Module xm_csv
Fields date1, date2, mailid, name, result
Delimiter |
#EscapeControl TRUE
</Extension>

<Input internal>
Module im_internal
</Input>

# Watch your own files
<Input file1>
Module im_file
File '%ROOT%\data\nxlog.log'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input COPNewMNPAR_general>
Module im_file
Exec $type = 'COPNewMNPAR_general';
File 'D:\RPAMain\Logs\General\COPNewMNPAR\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input COPNewMNPAR_approcessed>
Module im_file
Exec $type = 'COPNewMNPAR_approcessed';
File 'D:\RPAMain\Logs\General\COPNewMNPAR\AppsProcessed*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input COPNewMNPAR_processing>
Module im_file
Exec $type = 'COPNewMNPAR_processing';
File 'D:\RPAMain\Logs\General\COPNewMNPAR\AppsProcessing*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input COPNewMNPAR_exception>
Module im_file
Exec $type = 'COPNewMNPAR_exception';
File 'D:\RPAMain\Logs\Exception\COPNewMNPAR\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input igniteserver>
Module im_file
Exec $type = 'igniteserver';
File 'C:\ProgramData\AutomationAnywhere\Logs\IgniteServer*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input HR Process1_security>
Module im_file
Exec $type = 'HR Process1_security';
File 'D:\RPAMain\Logs\General\HR Process1\Security\Security*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input HR Process1_general>
Module im_file
Exec $type = 'HR Process1_general';
File 'D:\RPAMain\Logs\General\HR Process1\Genaral*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input HR Process1_exception>
Module im_file
Exec $type = 'HR Process1_exception';
File 'D:\RPAMain\Logs\Exception\HR Process1\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input HR Process2_general>
Module im_file
Exec $type = 'HR Process2_general';
File 'D:\RPAMain\Logs\General\HR Process2\Genaral*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input HR Process2_exception>
Module im_file
Exec $type = 'HR Process2_exception';
File 'D:\RPAMain\Logs\Exception\HR Process2\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot1_general>
Module im_file
Exec $type = 'Bot1_general';
File 'D:\RPAMain\Logs\General\Bot1\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot1_exception>
Module im_file
Exec $type = 'Bot1_exception';
File 'D:\RPAMain\Logs\Exception\Bot1\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot1_approcessed>
Module im_file
Exec $type = 'Bot1_approcessed';
File 'D:\RPAMain\Logs\App Process\Bot1\AppProcessed*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot1_processing>
Module im_file
Exec $type = 'Bot1_processing';
File 'D:\RPAMain\Logs\AppProcess\Bot1\AppProcessing*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot1_security>
Module im_file
Exec $type = 'Bot1_security';
File 'D:\RPAMain\Logs\Security\Bot1\Security*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot3_general>
Module im_file
Exec $type = 'Bot3_general';
File 'D:\RPAMain\Logs\General\Bot3\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot3_exception>
Module im_file
Exec $type = 'Bot3_exception';
File 'D:\RPAMain\Logs\Exception\Bot3\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot3_approcessed>
Module im_file
Exec $type = 'Bot3_approcessed';
File 'D:\RPAMain\Logs\App Process\Bot3\AppProcessed*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot3_processing>
Module im_file
Exec $type = 'Bot3_processing';
File 'D:\RPAMain\Logs\AppProcess\Bot3\AppProcessing*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot3_security>
Module im_file
Exec $type = 'Bot3_security';
File 'D:\RPAMain\Logs\Security\Bot3\Security*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input MNPSAC_general>
Module im_file
Exec $type = 'MNPSAC_general';
File 'D:\RPAMain\Logs\General\MNPSAC\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input MNPSAC_exception>
Module im_file
Exec $type = 'MNPSAC_exception';
File 'D:\RPAMain\Logs\Exception\MNPSAC\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input CPARefund_general>
Module im_file
Exec $type = 'CPARefund_general';
File 'D:\RPAMain\Logs\General\CPARefund\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input CPARefund_exception>
Module im_file
Exec $type = 'CPARefund_exception';
File 'D:\RPAMain\Logs\Exception\CPARefund\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input CPARefund_processed>
Module im_file
Exec $type = 'CPARefund_processed';
File 'D:\RPAMain\Logs\General\CPARefund\processed*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input CPARefund_processing>
Module im_file
Exec $type = 'CPARefund_processing';
File 'D:\RPAMain\Logs\General\CPARefund\processing*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input CPA_general>
Module im_file
Exec $type = 'CPA_general';
File 'D:\RPAMain\Logs\General\CPA\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input CPA_exception>
Module im_file
Exec $type = 'CPA_exception';
File 'D:\RPAMain\Logs\Exception\CPA\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input CPA_processed>
Module im_file
Exec $type = 'CPA_processed';
File 'D:\RPAMain\Logs\RefundMasterList\ProcessedLog*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot2_general>
Module im_file
Exec $type = 'Bot2_general';
File 'D:\RPAMain\Logs\General\Bot2\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot2_exception>
Module im_file
Exec $type = 'Bot2_exception';
File 'D:\RPAMain\Logs\Exception\Bot2\Exception*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot2_approcessed>
Module im_file
Exec $type = 'Bot2_approcessed';
File 'D:\RPAMain\Logs\App Process\Bot2\AppProcessed*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot2_processing>
Module im_file
Exec $type = 'Bot2_processing';
File 'D:\RPAMain\Logs\AppProcess\Bot2\AppProcessing*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Bot2_security>
Module im_file
Exec $type = 'Bot1_security';
File 'D:\RPAMain\Logs\Security\Bot2\Security*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Security_general>
Module im_file
Exec $type = 'Security_general';
File 'D:\RPAMain\Logs\General\Security\General*.txt'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Input Security_processedlog>
Module im_file
Exec $type = 'Security_processedlog';
File 'D:\RPAMain\Logs\General\Security\ProcessedLog*.csv'
InputType LineBased
PollInterval 1
SavePos TRUE
Exec csv->parse_csv();
Exec $Message = $raw_event;
</Input>

# Windows Event Log
<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
Module im_msvistalog

# Uncomment im_mseventlog for Windows XP/2000/2003
# Module im_mseventlog
</Input>

<Output out>
Module om_tcp
Host 172.31.244.219
Port 3515

Exec $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
Exec $raw_event = to_json();

# Uncomment for debug output
# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

<Route 1>
Path internal, file1, eventlog, COPNewMNPAR_general, OPNewMNPAR_approcessed, COPNewMNPAR_processing, COPNewMNPAR_exception, igniteserver, HR Process1_security, HR Process1_general, HR Process1_exception, HR Process2_general, HR Process2_exception, Bot1_general, Bot1_exception, Bot1_approcessed, Bot1_processing, Bot1_security, Bot3_general, Bot3_exception, Bot3_approcessed, Bot3_processing, Bot3_security, MNPSAC_general, MNPSAC_exception, CPARefund_general, CPARefund_exception, CPARefund_processed, CPARefund_processing, CPA_general, CPA_exception, CPA_processed, Bot2_general, Bot2_exception, Bot2_approcessed, Bot2_processing, Bot2_security, Security_general, Security_processedlog => out
</Route>

I see below warning for all application log files , nxlog is not able to read the logs from application log files. Please suggest.

021-06-11 13:22:59 WARNING Module Bot1_general has no input files to read
Module Bot1_exception has no input files to read
Module Bot1_security has no input files to read

I also see this log , nxlog is making an attempt but not able to read. These application log files are written every minute.

An attempt was made to access an object.

Subject:
Security ID: S-1-5-18
Account Name: SHTVRPACTRLP01$
Account Domain: DIGICR
Logon ID: 0x3E7

Object:
Object Server: Security
Object Type: File
Object Name: D:\RPAMain\Logs\Exception\Bot3
Handle ID: 0xcd4
Resource Attributes:

Process Information:
Process ID: 0x66ec
Process Name: C:\Program Files (x86)\nxlog\nxlog.exe

Access Request Information:
Accesses: ReadData (or ListDirectory)

Access Mask: 0x1

Thanks

AskedJune 11, 2021 - 8:53am

Answers (0)