Hello, first, sorry for my English. We are starting to use Graylog, and have a problem with collecting logs from server 2003.
I installed Nxlog and the Graylog sidecar on the server. I can collect logs from files, but not the Windows logs.
The error is:
```
2017-04-08 11:37:03 ERROR Failed to load module from C:\Program Files (x86)\nxlog\modules\input\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found. \r\r\n"
```
The im_msvistalog.dll module is used for Windows 2008/Vista and later, so how can I use the im_mseventlog module, or another solution, please?
It defaults to `C:\Program Files (x86)\nxlog` when looking for modules, but your Windows 2003 may not be a 64-bit system, in which case nxlog is installed in `C:\Program Files\nxlog`. It's a matter of changing 2 lines in `conf\nxlog.conf`: just uncomment the `#define ROOT C:\Program Files\nxlog` line and comment out `define ROOT C:\Program Files (x86)\nxlog`.
nxlog path: **C:\Program Files (x86)\nxlog\conf**, and conf file:
```
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
    Module xm_syslog
</Extension>
<Extension gelf>
    Module xm_gelf
</Extension>
<Input in>
    Module im_msvistalog
    # For windows 2003 and earlier use the following:
    Module im_mseventlog
</Input>
<Output out>
    Module om_udp
    Host 192.168.1.1
    Port 514
    Exec to_syslog_snare();
</Output>
<Output out>
    Module om_udp
    Host 192.168.1.1
    Port 12201
    OutputType GELF
</Output>
<Route 1>
    Path in => out
</Route>
```
graylog collector path: **C:\Program Files\Graylog\collector-sidecar**, and conf:
```
define ROOT C:\Program Files (x86)\nxlog
<Extension gelf>
    Module xm_gelf
</Extension>
<Processor 58e4b968821d7f071874a82b-buffer>
    Type Mem
    Module pm_buffer
    MaxSize 16384
</Processor>
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
<Extension logrotate>
    Module xm_fileop
    <Schedule>
        When @daily
        Exec file_cycle('%ROOT%\data\nxlog.log', 7);
    </Schedule>
</Extension>
<Input 58e4b968821d7f071874a82b>
    Module im_msvistalog
    PollInterval 3
    SavePos True
    ReadFromLast True
</Input>
<Output 58e4b932821d7f071874a7f1>
    Module om_udp
    Host 192.100.110.140
    Port 12201
    OutputType GELF
    Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
    Exec $gl2_source_collector = 'ad298788-b96e-4537-a86e-b6698b54455f';
    Exec $Hostname = hostname_fqdn();
</Output>
<Route route-0>
    Path 58e4b968821d7f071874a82b => 58e4b968821d7f071874a82b-buffer => 58e4b932821d7f071874a7f1
</Route>
```
**_Error from nxlog:_**
```
2017-04-10 19:33:14 ERROR Failed to load module from C:\Program Files (x86)\nxlog\modules\input\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found.
2017-04-10 19:33:15 WARNING stopping nxlog service
2017-04-10 19:33:15 WARNING nxlog-ce received a termination request signal, exiting...
2017-04-10 19:33:15 ERROR Failed to load module from C:\Program Files (x86)\nxlog\modules\input\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found.
2017-04-10 19:33:15 WARNING no functional input modules!
2017-04-10 19:33:15 ERROR module '58e4b968821d7f071874a82b' is not declared at C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf:55
2017-04-10 19:33:15 ERROR route route-0 is not functional without input modules, ignored at C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf:55
2017-04-10 19:33:15 WARNING no routes defined!
2017-04-10 19:33:15 WARNING not starting unused module 58e4b968821d7f071874a82b-buffer
2017-04-10 19:33:15 WARNING not starting unused module 58e4b932821d7f071874a7f1
2017-04-10 19:33:15 INFO nxlog-ce-2.9.1716 started
```
**_Error from graylog collector:_**
```
time="2017-04-10T19:33:04+03:00" level=info msg="Starting signal distributor"
time="2017-04-10T19:33:04+03:00" level=info msg="[nxlog] Stopping"
time="2017-04-10T19:33:04+03:00" level=error msg="[nxlog] Could not send stop control: The service has not been started."
time="2017-04-10T19:33:04+03:00" level=info msg="[nxlog] Starting (svc driver)"
time="2017-04-10T19:33:14+03:00" level=info msg="[nxlog] Configuration change detected, rewriting configuration file."
time="2017-04-10T19:33:14+03:00" level=error msg="[nxlog] Error during configuration validation: 2017-04-10 19:33:14 ERROR Failed to load module from C:\\Program Files (x86)\\nxlog\\modules\\input\\im_msvistalog.dll, The specified module could not be found. ; The specified module could not be found. \r\r\n"
time="2017-04-10T19:33:14+03:00" level=error msg="[nxlog] Collector configuration file is not valid, waiting for the next update."
time="2017-04-10T19:33:15+03:00" level=info msg="[nxlog] Executing requested collector restart"
time="2017-04-10T19:33:15+03:00" level=info msg="[nxlog] Stopping"
time="2017-04-10T19:33:15+03:00" level=info msg="[nxlog] Starting (svc driver)"
```
For someone who will have this problem: uninstall the sidecar collector, install nxlog as a service, with this nxlog.conf:
```
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
define ROOT C:\Program Files\nxlog
#define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension gelf>
    Module xm_gelf
</Extension>
<Input in>
    Module im_mseventlog
</Input>
<Output out>
    Module om_udp
    Host 193.100.100.140
    Port 12201
    OutputType GELF
</Output>
<Route r>
    Path in => out
</Route>
```
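
An added example, not part of the thread and not NXLog or Graylog code: a small Python check to run over an nxlog.conf before deploying it to a Windows 2003 host, so that a collector which silently forwards nothing is caught early. It flags what is visible in the configs above: `im_msvistalog` selected on a pre-Vista system, more than one `Module` line in a block, two blocks sharing an instance name, and a `Route` hop that names no declared block. The rule set, the function name `lint_nxlog_conf` and the finding codes are assumptions of this example; the sample is constructed from the first config in the thread.

```python
import re

# Constructed sample: the first nxlog.conf quoted in the thread, shortened.
SAMPLE = r"""
<Input in>
    Module im_msvistalog
    # For windows 2003 and earlier use the following:
    Module im_mseventlog
</Input>
<Output out>
    Module om_udp
    Port 514
</Output>
<Output out>
    Module om_udp
    Port 12201
</Output>
<Route 1>
    Path in => out
</Route>
"""
OPEN = re.compile(r"<(Extension|Input|Processor|Output|Route)\s+([^>\s]+)>$")

def lint_nxlog_conf(text, pre_vista=True):
    """Return (line_number, code, detail) findings for an nxlog.conf text."""
    findings, declared, paths = [], set(), []
    kind, modules = None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = OPEN.match(line)
        if m:
            kind, name, modules = m.group(1), m.group(2), []
            if kind != "Route":
                if name in declared:  # e.g. two "<Output out>" blocks
                    findings.append((n, "duplicate-name", name))
                declared.add(name)
        elif kind and line == f"</{kind}>":
            if len(modules) > 1:  # a block should load exactly one module
                findings.append((n, "multiple-modules", ", ".join(modules)))
            kind = None
        elif kind and line.startswith("Module "):
            modules.append(line.split()[1])
            if pre_vista and modules[-1] == "im_msvistalog":
                findings.append((n, "needs-vista-or-later", modules[-1]))
        elif kind == "Route" and line.startswith("Path "):
            paths.append((n, re.split(r"\s*(?:=>|,)\s*", line[5:].strip())))
    for n, names in paths:  # every route hop must name a declared instance
        findings += [(n, "undeclared", x) for x in names if x not in declared]
    return findings
```

Lines starting with `#` are ignored, so a commented-out `Module` line is not counted; directive names are matched case-sensitively as they appear in the thread.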