Hello,
The application, which I'm trying to capture log data from, will
intermittently stop writing to its log files while nxlog is monitoring
them. The only workaround is to stop nxlog.
I'm running Windows 2008 R2 with nxlog-ce-2.5.1089.
Has anyone experienced this problem? Does nxlog "lock" files? Any ideas on
how to avoid this problem?
Below is my nxlog config. You can see a screenshot of the process monitor
here:
https://drive.google.com/file/d/0BwEwcjgiKDDjdGJQNjNGUk43Uk0/edit?usp=sharing
Regards,
Dan
## Please set the ROOT to your nxlog installation directory
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
#LogLevel DEBUG
<Extension charconv>
Module xm_charconv
AutodetectCharsets UCS-2LE, utf-8
</Extension>
<Extension syslog>
Module xm_syslog
</Extension>
# Input to allow log info from UMRASQL server
<Input Network>
Module im_tcp
Host 0.0.0.0
Port 1514
Exec if $raw_event =~ /^$/ drop(); \
else $Message = $raw_event;
</Input>
# Monitor UMRA's tasks log files
<Input PSM>
Module im_file
File "C:\\UMRA_logs\\PSM\\\\*.txt"
Exec $Message = $raw_event;
Recursive FALSE
PollInterval 1
SavePos TRUE
ReadFromLast FALSE
</input>
<Input GA-O365_error>
Module im_file
File "C:\\UMRA_logs\\GA-O365\\ERRO*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input GA-O365_created>
Module im_file
File "C:\\UMRA_logs\\GA-O365\\Report-Create*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input GA-O365_updated>
Module im_file
File "C:\\UMRA_logs\\GA-O365\\Report-Update*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input GA-O365_retired>
Module im_file
File "C:\\UMRA_logs\\GA-O365\\Report-Retire*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Staff-AD_error>
Module im_file
File "C:\\UMRA_logs\\Staff\\ERRO*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Staff-AD_created>
Module im_file
File "C:\\UMRA_logs\\Staff\\Report-Create*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Staff-AD_updated>
Module im_file
File "C:\\UMRA_logs\\Staff\\Report-Update*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Staff-AD_retired>
Module im_file
File "C:\\UMRA_logs\\Staff\\Report-Retire*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Staff-AD_failed>
Module im_file
File "C:\\UMRA_logs\\Staff\\Report-Fail*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Students-AD_error>
Module im_file
File "C:\\UMRA_logs\\Students\\ERRO*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Students-AD_created>
Module im_file
File "C:\\UMRA_logs\\Students\\Report-Create*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Students-AD_updated>
Module im_file
File "C:\\UMRA_logs\\Students\\Report-Update*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Students-AD_retired>
Module im_file
File "C:\\UMRA_logs\\Students\\Report-Retire*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Input Students-AD_failed>
Module im_file
File "C:\\UMRA_logs\\Students\\Report-Fail*.txt"
Exec $Message = $raw_event;
Recursive TRUE
PollInterval 1
SavePos TRUE
ReadFromLast TRUE
</input>
<Processor syslog_transformer>
Module pm_transformer
# Uncomment to override the program name
Exec $SourceName = $SourceModuleName;
# Uncomment to override the hostname
# Exec $Hostname = 'HOSTNAME';
OutputFormat syslog_rfc5424
</Processor>
<Processor csv_transformer>
Module pm_transformer
#InputFormat syslog_rfc5424
# Uncomment to override the program name
Exec $SourceName = $SourceModuleName;
# Uncomment to override the hostname
Exec $Hostname = 'UMRAOS01';
OutputFormat CSV
CSVOutputFields $EventReceivedTime, $Hostname, $SourceName, $message
#QuoteMethod None (only for xm_csv module)
</Processor>
<Output syslogout>
Module om_ssl
Host xxx
Port xxx
CAFile xxx
AllowUntrusted FALSE
</Output>
<Output local_file>
Module om_file
File "c:\\nxlog_log_test.txt"
Sync TRUE
</Output>
<Output csv_file>
Module om_file
File "C:\\UMRA_logs\\_Consolidated_Log\\UMRA_Log.txt"
Sync TRUE
</Output>
<Route syslog>
Path PSM, GA-O365_error, GA-O365_created, GA-O365_updated, \
GA-O365_retired, Staff-AD_error, Staff-AD_created, Staff-AD_updated, \
Staff-AD_retired, Staff-AD_failed, Students-AD_error, Students-AD_created, \
Students-AD_updated, Students-AD_retired, Students-AD_failed => \
syslog_transformer => syslogout
</Route>
<Route csv>
Path PSM, GA-O365_error, GA-O365_created, GA-O365_updated, \
GA-O365_retired, Staff-AD_error, Staff-AD_created, Staff-AD_updated, \
Staff-AD_retired, Staff-AD_failed, Students-AD_error, Students-AD_created, \
Students-AD_updated, Students-AD_retired, Students-AD_failed => \
csv_transformer => csv_file
</Route>
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users