6
responses

Dear All,

Has anyone else found issues with the latest Nxlog V3.0.22 in terms of memory. I upgraded a test system on a client and it was usng spiking up to 40% of CPU whereease 2.10 did not do this.

Also, is it possible to download 2.11.90 as the download link appears to have been removed. I even found this issue on Gitlab https://gitlab.com/nxlog-public/nxlog-ce/-/issues/17, however the link does not work.

Does anyone know if there is a repository of releases?

Cheers

Cyberkryption

AskedFebruary 3, 2022 - 2:58pm

Comments (2)

  • wrightdm2's picture

    We are also seeing CPU usage issues with this version. Community edition 3.0.2272 will typically sit at 0% CPU usage for ~1 minute, and then spike to 65-120% of one CPU for ~1 minute. It cycles back and forth for as long as the NxLog client is running. At first we believed this was caused by the quite extensive amount exec statements we performed, but we were able to reproduce the issue with a very simple config that only loaded the im_msvistalog module and monitored a mostly unused event log (see below). We deployed to 35 servers running server 2012r2 datacenter, server 2016 datacenter, and server 2019 datacenter. How many logs/events were monitored and how busy the servers were, seemed irrelevant. Every server displayed the same issue.

    We reverted back to community edition 2.11.2190 and no longer experienced the issue.

    <Input windows_eventlog_defender>
    Module im_msvistalog

    <QueryXML>
    <QueryList>
    <Query Id="0">
    <Select Path="Microsoft-Windows-Windows Defender/Operational">*</Select>
    </Query>
    </QueryList>
    </QueryXML>
    </Input>

    <Route winserverevent_to_winserverevent_out>
    Path windows_eventlog_defender => winserverevent_out
    </Route>

    <Output winserverevent_out>
    Module om_tcp
    Host cyclops.not.a.real.address.com
    Port 33333
    </Output>

Answer (1)

Hello,

yes, but for me it's not a memory leak, I have constant high cpu usage. (Server 2012 R2)
Are you sure you have an issue with memory or do you mean CPU usage?

I just reverted back to 2.11.2190 and everything is good again.
I could upload the msi file somewhere, but you have no way to verifiy the file as NXLog does not publish any hashes.

Comments (3)

  • pchel's picture

    Hi DR_
    I'm interessed in getting the 2.11.2190 msi version, as I encounter this CPU issue too. Could you please upload the msi file you have and give me the link?
    Regards,

  • DR_'s picture

    Sorry for the delay. Here it is: https://easyupload.io/pm5gbi

    Hashes:

    • SHA1: 044DB9A2E0D1215E415E44BEC37DFD121C87B705
    • SHA256: 413972D1769D406FB6A8D67EF951F3353F7392543EA537BD93EBE41B990C7A98
    • SHA512: 3DD6C4C1752E738F668304DE59DA474F91898CAE32952BD779038C34FF69F4E883E0619A5C43087D1846D20EF026852C96C3CF1128971935E9103126A0ED8101