"Input file does not exist"

#1 tsigidibam 8 years ago

I am using the following im_file configuration to try to collect Windows DHCP Server logs:

## Input module for Microsoft DHCP server audit logs
<Input dhcp>
   Module im_file
   File "C:\\Windows\\System32\\Dhcp\\DhcpSrvLog-*.log"
   SavePos TRUE
   PollInterval 180
   Exec to_syslog_bsd();
</Input>

I also tried this without escaping the backslashes and even with "/" characters instead. I also tried using a specific filename but nothing seems to work, since I get the "input file does not exist" error.

When I try the same config but with the location being at C:\Dhcp\DhcpSrvLog-*.log, everything works. nxlog service is being run as LocalSystem. Any hints on what I would need to do next to get the logs working from their native location?

Permalink

#2 adm Nxlog ✓ 8 years ago

#1 tsigidibam

I am using the following im_file configuration to try to collect Windows DHCP Server logs: ## Input module for Microsoft DHCP server audit logs <Input dhcp> Module im_file File "C:\\Windows\\System32\\Dhcp\\DhcpSrvLog-*.log" SavePos TRUE PollInterval 180 Exec to_syslog_bsd(); </Input> I also tried this without escaping the backslashes and even with "/" characters instead. I also tried using a specific filename but nothing seems to work, since I get the "input file does not exist" error. When I try the same config but with the location being at C:\Dhcp\DhcpSrvLog-*.log, everything works. nxlog service is being run as LocalSystem. Any hints on what I would need to do next to get the logs working from their native location?

Try setting the loglevel to debug by adding the following to nxlog.conf and look into nxlog.log, it shold print some more details why the file is not picked up.

LogLevel Debug