• Support Troubleshooting

    Troubleshooting Nxlog

    Troubleshooting Nxlog

    Use these tips to troubleshoot problems with Nxlog. You can check the nxlog configuration, send sample data, and check connection. Additionally, you can read the Nxlog Configuration docs.

    Wait a Few Minutes

    Wait a few minutes after sending an event to give it time to index and appear in the search results. It normally happens within seconds, but sometimes it can take longer.

    Check Loggly Status

    If Loggly isn’t seeing data check our status page to make sure we are indexing data and search is running. You should see green dots and “All Systems Operational”.

    Restart Nxlog

    Make sure you restarted nxlog so your changes in nxlog configuration file take effect. Open the Services tool in the Start menu, find nxlog in the list, and then restart the service.
    windows-services

    Check your Nxlog configuration

    Make sure you don’t see any of these common configuration problems:

    • Check to make sure that you replaced the customer token in nxlog configuration file.
    • If you are on 32-bit Windows make sure you replaced the ROOT and ROOT_STRING variables

    Check Nxlog log file

    If your logs haven’t made it to Loggly yet, open up the nxlog log file and see what’s going on: C:\\Program Files*\\nxlog\\data\\nxlog.log

    Debug Output

    In order to see what’s actually sent over to Loggly, edit your nxlog configuration file: Add this section with the other Extensions:

    <Extension fileop>
        Module   xm_fileop
    </Extension>
    

    This line should go into the Output module that you’re debugging:

    Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log",  $raw_event);

    Check Connection

    Sample Error Messages:

    2013-06-04 16:35:59 ERROR couldn't connect to tcp socket on 192.168.1.1:514; A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 
    
    2013-06-04 16:36:00 INFO connecting to 192.168.1.1:514
    
    2013-06-04 16:36:21 INFO reconnecting in 2 seconds
    

    If you see an error connecting to “tcp socket on 192.168.1.1:514”, you’ve probably got an issue with the configuration file. Make sure that you’re editing the configuration file as “Administrator”, this means that you should actually open up text editor as Administrator.
    windows_admin

    Check Directory Path

    Sample Error Messages:

    2013-06-04 20:46:48 WARNING nxlog-ce received a termination request signal, exiting...
    2013-06-04 20:57:10 ERROR failed to open C:\Program Files (x86);xlog\data;xlog.log; The filename, directory name, or volume label syntax is incorrect. 
    2013-06-04 20:57:10 INFO nxlog-ce-2.4.1054 started
    

    When you designate a directory path, be sure to escape any special characters, including back slashes.
    From

    File  "C:\\Program Files (x86)\nxlog\data\nxlog.log"

    To

    File  "C:\\Program Files (x86)\\nxlog\\data\\nxlog.log"

    Check Nxlog Configuration

    Sample Error Messages:

    2013-06-04 21:36:28 ERROR file is already defined at C:\Program Files (x86)\nxlog\conf\nxlog.conf:34
    
    2013-06-04 21:36:28 ERROR module 'file_watch' has configuration errors, not adding to route '1' at C:\Program Files (x86)\nxlog\conf\nxlog.conf:58
    
    2013-06-04 21:36:28 WARNING not starting unused module file_watch
    

    Each input module can only reference one source.Create unique names for each of the input streams. For example:

    <Input python_logs>
       Module   im_file
       File     "C:\\Your Project\\Python\\mylog.log"
       SavePos  TRUE
    </Input>
    
    <Input apache_logs>
       Module   im_file
       File     “C:\\Program Files (x86)\\Apache Group\\Apache2\\logs\\error.log”
       SavePos  TRUE
    </Input>
    

    Double check that your Route module has the complete list of Input modules. For Example:

    <Route 1>
       Path internal, python_logs, apache_logs, eventlog => out
    </Route>
    

    Check Using Wireshark

    Wireshark is network protocol analyzer. It lets you see what’s happening on your network. You can track network traffic to Loggly on port 514 and see if anything is going wrong. You can use the following filter query in the Wireshark.

    tcp.port == 514
    WireShark

    Still Not Working?

    Thanks for the feedback! We'll use it to improve our support documentation.


    2017自拍综合自拍免费