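Why does Nxlog consume 100% CPU and make the system unusable?

Time: 2018-06-21 09:16:29

Tags: nxlog

Operating system: Windows Server 2008 R2 with Nxlog Enterprise 4.0.3550 (64-bit)

When I start nxlog, it takes up 100% CPU. I set the logging mode to debug, but I could not find any meaningful information in it. Below is my nxlog configuration, in which logs are sent to the SIEM server 192.168.0.100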

define ROOT C:\Program Files\nxlog

define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %LOGFILE%
LogLevel DEBUG

<Extension _syslog>
    Module      xm_syslog
</Extension>


<Extension _exec>
    Module      xm_exec
</Extension>

<Extension _json>
    Module      xm_json
</Extension>

### Define our inputs ###

<Input winlog>
    Module       im_msvistalog
    ReadFromLast TRUE
    ResolveSID  TRUE
    <QueryXML>
        <QueryList>
            <Query Id='1'>
                <Select Path='Application'>*</Select>
                <Select Path='Security'>*</Select>
                <Select Path='System'>*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output winout>
    Module     om_tcp
    Host       192.168.0.100
    Port       514
    Exec       to_json(); $Message = $raw_event;to_syslog_bsd();
</Output>

<Route 1>
    Path        winlog => winout
</Route>
include %CONFDIR%\extra.conf

The debug log looks like the one at the pastebin link pastebin.com

1 answer:

Answer 0: (score: 0)

This issue has been resolved as of nxlog-4.0.3689.