Can not got SCCM Log- SMSProv.log

[Kevin.c]

Hello Nagios,
I want use Log server got the log about our SCCM server , file name is SMSProv.log , attachment is the file , I think also setting on SCCM is right , but could not got any log in log server , please help , thanks alot !

<Input sccmm1>
Module im_file
File 'C:\CCL\SMSProv.log'
SavePos TRUE
Exec $Message = $raw_event;
</Input>

<Route 1>
Path internal, eventlog, sccmm1 => out
</Route>

[mcapra]

Can you share the <Output out> definition in your nxlog configuration as well?

[Kevin.c]

<Output out>
Module om_tcp
Host 10.3.98.99
Port 3515

Exec $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
Exec $raw_event = to_json();

# Uncomment for debug output
# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

[Kevin.c]

Hi ,
thank you for fast reaction ,
here is my nxlog.conf fine in attachment , please check !

thanks again !

[mcapra]

Can you un-comment this line in your nxlog configuration:

Code: Select all

# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");

Restart the nxlog service, let things run for a bit and get some events generated in your SMSProv.log, and share the contents of your nxlog_output.log file.

[Kevin.c]

hi,
Un-comment it , still not working !
please take a look the nxlog output in attachment !

thank you

[mcapra]

This is definitely noteworthy:

Code: Select all

2017-03-28 15:51:04 ERROR Couldn't parse Exec block at C:\Program Files (x86)\nxlog\conf\nxlog.conf:59; couldn't parse statement at line 59, character 89 in C:\Program Files (x86)\nxlog\conf\nxlog.conf; procedure 'file_write()' does not exist or takes different arguments
2017-03-28 15:51:04 ERROR module 'out' has configuration errors, not adding to route '1' at C:\Program Files (x86)\nxlog\conf\nxlog.conf:63
2017-03-28 15:51:04 ERROR route 1 is not functional without output modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:63
2017-03-28 15:51:04 ERROR module 'out' has configuration errors, not adding to route '1' at C:\Program Files (x86)\nxlog\conf\nxlog.conf:75
2017-03-28 15:51:04 ERROR route 1 is not functional without output modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:75
2017-03-28 15:51:04 WARNING no routes defined!
2017-03-28 15:51:04 WARNING not starting unused module internal
2017-03-28 15:51:04 WARNING not starting unused module file1
2017-03-28 15:51:04 WARNING not starting unused module eventlog
2017-03-28 15:51:04 WARNING not starting unused module out
2017-03-28 15:51:04 WARNING not starting unused module sccmm1
2017-03-28 15:51:04 INFO nxlog-ce-2.9.1347 started

Go ahead and re-comment that Exec line. Looks like it's wreaking havoc. Restart the nxlog service afterwards and share a fresh copy of your nxlog log file.

One thing that i see might be causing issues is you have Route 1 defined twice:

Code: Select all

<Route 1>
    Path internal, file1, eventlog => out
</Route>

# Watch your own files
<Input sccmm1>
    Module   im_file
    File     'C:\CCL\SMSProv.log'
    SavePos  TRUE
    Exec     $Message = $raw_event;
</Input>

<Route 1>
    Path internal, eventlog, sccmm1 => out
</Route>

You should also define the sccmm1 input rule ahead of your Route like so:

Code: Select all

# Watch your own files
<Input sccmm1>
    Module   im_file
    File     'C:\CCL\SMSProv.log'
    SavePos  TRUE
    Exec     $Message = $raw_event;
</Input>

<Route 1>
    Path internal, file1, eventlog, sccmm1 => out
</Route>

[Kevin.c]

Hello，
it was working now， thanks a lot !

[cdienger]

Hi Kevin, Is it safe to assume we can close this out now : ) ?