Crash when using TCP Output | Log collection solutions

#1 dev667 8 years ago

This event is logged in the eventlog:

Faulting application name: nxlog.exe, version: 0.0.0.0, time stamp: 0x54fedd1a
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0005e8d1
Faulting process id: 0x4e4
Faulting application start time: 0x01d0a2b5080df49c
Faulting application path: C:\Program Files (x86)\nxlog\nxlog.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 7ebdb4d7-1036-11e5-909f-005056a30012

To reproduce the issue, just have NXLog ship logs to Logstash and then stop Logstash for about an hour then start it, NXLog crashes soon after.

Any idea what might be causing this?

Permalink

#2 adm Nxlog ✓ 8 years ago

#1 dev667

I'm currently using the TCP output of NXLog (v2.9.1347) to ship Windows Server 2008 R2 eventlogs to Logstash (v1.4.2) in JSON format; lately I found that NXLog crashes if Logstash has been unavailable for some time and then became available, although it ships a few logs before crashing. This event is logged in the eventlog: Faulting application name: nxlog.exe, version: 0.0.0.0, time stamp: 0x54fedd1a Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0005e8d1 Faulting process id: 0x4e4 Faulting application start time: 0x01d0a2b5080df49c Faulting application path: C:\Program Files (x86)\nxlog\nxlog.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 7ebdb4d7-1036-11e5-909f-005056a30012 To reproduce the issue, just have NXLog ship logs to Logstash and then stop Logstash for about an hour then start it, NXLog crashes soon after. Any idea what might be causing this?

It is possible that this is not related to the om_tcp reconnection but some other bug getting hit when processing the data that has piled up while logstash was down. Can you post your config?