Hello,

We are trying to use nxlog for shipping logs from the Windows event log to Elasticsearch.
Sometimes nxlog crashes; somehow this is random behavior, and it may crash on different messages in the EventLog.

Crash log:
Faulting application name: nxlog.exe, version: 0.0.0.0, time stamp: 0x53ca79be
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0005e8d1
Faulting process id: 0x3454
Faulting application start time: 0x01cffd8c7ee035f3
Faulting application path: C:\Program Files (x86)\nxlog\nxlog.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: bdaf2722-697f-11e4-a98b-0050569747fd

Looking in the cache, configcache.dat points to a specific Windows log; the XML export is like this:

<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System>
    <Provider Name='BackendServiceHost'/>
    <EventID Qualifiers='0'>0</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime='2014-11-10T10:17:18.000000000Z'/>
    <EventRecordID>2735489</EventRecordID>
    <Channel>Kalixa</Channel>
    <Computer>ATVT6WABPP002.tst.pay</Computer>
    <Security/>
  </System>
  <EventData>
    <Data>INFO CQRPayments.PaymentService.Implementation.Engine [(null), 2014-11-10 10:17:17,891, 1, ]
Engine Started in: 00:00:00.0099056
    </Data>
  </EventData>
</Event>

When LogLevel is INFO it crashes, and restarting the service does not help; it keeps crashing.
However, if LogLevel is DEBUG it goes through and the message is read without any crashes.

The machine is running Windows 2008 R2 Standard, x64.
Related configs:

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile D:\LogFiles\nxlog\nxlog.log

LogLevel INFO

<Input eventlog>
  Module  im_msvistalog
  SavePos True
  ReadFromLast True
  #PollInterval 5
  Query <QueryList> \
          <Query Id="0"> \
            <Select Path="Kalixa">*</Select> \
            <Select Path="Application">*[System[(Level='2' or Level='3')]]</Select> \
          </Query> \
        </QueryList>

  Exec $Hostname = hostname(); \
       $DateEventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%S+00:00");
</Input>

<Output out_http_eventlog>
  Module  om_http
  URL     http://elasticSearchURL/
  Exec set_http_request_path("logstash-" + strftime(now(), "%Y.%m.%d") + "/nx_eventlog");

  Exec $raw_event = to_json();
</Output>

# Let's tie all pieces together with a NXlog route
<Route eventlog_route>
  Path   eventlog => out_http_eventlog
</Route>


-- 
br,
Andrian Bulat
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
