nxlog Not Start in New Version

[mikew]

I just installed the latest version of Log Server(2015R2.0b) on two different servers. Several things I found.

1. The script for a Linux install does not exist, it is empty. I can get around that fairly easy but not convenient.

2. The Windows nxlog will not start.
I set this up on multiple Windows 2012 R2 servers (installed and ran msi and then replaced the nxlog file) and they both fail to start. I pulled the Windows text from multiple Log servers (new version) and replaced the nxlog.conf, none will start. I never had this problem in the previous versions. Here is the text of the nxlog.conf from the log server:

Code: Select all

## See the nxlog reference manual at ## http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html ## Please set the ROOT to the folder your nxlog was installed into, ## otherwise it will not start. #define ROOT C:\Program Files\nxlog define ROOT C:\Program Files (x86)\nxlog define CERT %ROOT%\cert Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log # Include fileop while debugging, also enable in the output module below #<Extension fileop> # Module xm_fileop #</Extension> <Extension json> Module xm_json </Extension> <Extension syslog> Module xm_syslog </Extension> <Input internal> Module im_internal </Input> # Watch your own files <Input file1> Module im_file File '%ROOT%\data\nxlog.log' SavePos TRUE </Input> # Windows Event Log <Input eventlog> # Uncomment im_msvistalog for Windows Vista/2008 and later Module im_msvistalog # Uncomment im_mseventlog for Windows XP/2000/2003 # Module im_mseventlog </Input> <Output out> Module om_tcp Host 45.55.19.153 Port 3515 Exec $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message"); Exec $raw_event = to_json(); # Uncomment for debug output # Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n"); </Output> <Route 1> Path internal, file1, eventlog => out </Route>

I checked the nxlog and it says "empty configuration" which I assume would mean the PATH to the ROOT was incorrect but it is correct. Any ideas?

[jolson]

The Windows nxlog will not start.

What is your full path to the ROOT directory? I see that in your configuration file, you have two definitions (one of which is commented out):
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

I have verified that a new install of nxlog and the default configuration worked for me.

The script for a Linux install does not exist, it is empty. I can get around that fairly easy but not convenient.

I noticed this as well. I will check on this and get back to you. In the meantime, please answer the above questions that I have posed. Thank you!

[mikew]

The path is correct:

define ROOT C:\Program Files (x86)\nxlog

It is not commented out.

[jolson]

I set this up on multiple Windows 2012 R2 servers

Have you attempted to set this up on any other Windows Servers or workstations? If you have, are they experiencing similar issues?

Try opening wordpag as administrator, and opening C:\Program Files (x86)\nxlog\conf\nxlog.conf. After it is opened, paste the following:

Code: Select all

## See the nxlog reference manual at 
## http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
 
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERT %ROOT%\cert
 
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
 
# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
#    Module xm_fileop
#</Extension>
 
<Extension json>
    Module      xm_json
</Extension>
 
<Extension syslog>
    Module xm_syslog
</Extension>
 
<Input internal>
    Module im_internal
</Input>
 
# Watch your own files
<Input file1>
    Module   im_file
    File     '%ROOT%\data\nxlog.log'
    SavePos  TRUE
</Input>
 
# Windows Event Log
<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
    Module im_msvistalog
 
# Uncomment im_mseventlog for Windows XP/2000/2003
#   Module im_mseventlog
</Input>

<Output out>
    Module om_tcp
    Host 45.55.19.153
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
 
<Route 1>
    Path internal, file1, eventlog => out
</Route>

After that, restart the nxlog service and report any strange errors that might be logged in "C:\Program Files (x86)\nxlog\data\nxlog.log".

Thanks Mike!

[mikew]

So I posted that on the Win2012 R2 server and it started.

I tried on a Windows 7 with the code from the Log server and it also failed.

[lmiltchev]

1. The script for a Linux install does not exist, it is empty. I can get around that fairly easy but not convenient.

The bug will be fixed in the next release of Nagios Log Server. For the time being, you can download the file below:

source.zip

unzip it and copy the "source.php" file to the "/var/www/html/nagioslogserver/application/controllers/" directory, replacing the original file. This should fix the problem.

2. The Windows nxlog will not start.

I am not able to recreate the issue on Windows 7 64-bit. After modifying the "nxlog.conf" by pasting the the code from the Log server, the service started just fine. I haven't tried it on a Windows 2012 R2 server, yet.

[jolson]

I tried on a Windows 7 with the code from the Log server and it also failed.

If you use wordpad and paste the configuration from your NLS GUI, does everything work as expected? I fear that notepad might be messing with the format of the configuration file in a way that's causing this to fail for you.

Best,


Jesse

[mikew]

Just to verify:

Regardless of using notepad or wordpad, the copy/paste action failed on every Windows version I tried with this latest version. However, when I used the formatted text it worked on all. This is definitely different than the previous version for some reason as I was able to copy/paste with notepad and it worked regardless of Windows versions.

Anyway, thanks for the help you can close this.

[jolson]

Thanks for the information Mike, I'll close it up.

Jesse