Nagios Support Forum

We are using NXLOG to forward logs to NLS logstash. It was working as expected until yesterday. I checked the ES cluster and Logstash health and everything is healthy and logstash is open for receiving files. However when checked NXLOG the logs shows the below

2025-11-06 21:51:35 INFO nxlog-ce-2.9.1347 started
2025-11-06 21:51:36 ERROR Couldn't read next event, corrupted eventlog?; The data is invalid.

Later since the NXLOG is very old I renamed the nxlog directory and installed new version of NXLOG nxlog-ce-3.2.2329 and still the logs stopped flowing to NLS.


The connection from Source to NLS is all healthy and from NLS servers I do see the ports are open and used by Logstash. Any idea what else could be causing this issue?

Hi @kboppana1,

Thanks for reaching out! From your initial error log, it appears to be an issue with NXLog failing to read your Windows logs. It's hard to say what could have caused this without access to the actual logs in question, but I'd recommend correlating the timing on when these errors occur with the logs you're attempting to forward. That may give you more clues about the "corrupted eventlog" issue. It's possible this is a permissions issue, but without more information it's difficult to say.

It looks like you installed a newer version of NXLog to try and work around this issue. Are you seeing the same errors in the logs for that version?

In any case, as this error appears to be between NXLog and your Windows logs, I'd encourage you to take a look at the NXLog community as they may have better troubleshooting steps for this issue.

So only one Windows host is not sending log data to NLS?