logstash-plugins / logstash-input-eventlog

Apache License 2.0

Plugin is not working in Win 8.1 #12

Closed logztechstuff closed 9 years ago

logztechstuff commented 9 years ago

Team,

I am trying to read the Windows event log on Win 8.1 using the eventlog plugin, but it is not working as expected. I am getting an error. As I am new to Ruby, troubleshooting takes time. Is it a problem with my configuration or the plugin? Confused! Please help me.

Thanks in advance.

Details:

```
D:\Analytics\logstash-1.5.0\logstash-1.5.0\bin>logstash --debug -e " input {eventlog { type => 'win32log'}} output{ stdout{} }"
io/console not supported; tty will not be manipulated
Compiled pipeline code:
@inputs = []
@filters = []
@outputs = []
@periodic_flushers = []
@shutdown_flushers = []

      @input_eventlog_1 = plugin("input", "eventlog", LogStash::Util.hash_merge_many({ "type" => ("win32log") }))

      @inputs << @input_eventlog_1

      @output_stdout_2 = plugin("output", "stdout")

      @outputs << @output_stdout_2

def filter_func(event)
  events = [event]
  @logger.debug? && @logger.debug("filter received", :event => event.to_hash)
  events
end
def output_func(event)
  @logger.debug? && @logger.debug("output received", :event => event.to_hash)
  @output_stdout_2.handle(event)

end {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/pipeline.rb", :line=>"28", :method=>"initialize"}
Plugin not defined in namespace, checking for plugin file {:type=>"input", :name=>"eventlog", :path=>"logstash/inputs/eventlog", :level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/plugin.rb", :line=>"133", :method=>"lookup"}
Using version 0.1.x input plugin 'eventlog'. This plugin isn't well supported by the community and likely has no maintainer. {:level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"223", :method=>"print_version_notice"}
Plugin not defined in namespace, checking for plugin file {:type=>"codec", :name=>"plain", :path=>"logstash/codecs/plain", :level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/plugin.rb", :line=>"133", :method=>"lookup"}
Using version 0.1.x codec plugin 'plain'. This plugin isn't well supported by the community and likely has no maintainer. {:level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"223", :method=>"print_version_notice"}
config LogStash::Codecs::Plain/@charset = "UTF-8" {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Inputs::EventLog/@type = "win32log" {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Inputs::EventLog/@debug = false {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Inputs::EventLog/@codec = <LogStash::Codecs::Plain charset=>"UTF-8"> {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Inputs::EventLog/@add_field = {} {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Inputs::EventLog/@logfile = ["Application", "Security", "System"] {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
Plugin not defined in namespace, checking for plugin file {:type=>"output", :name=>"stdout", :path=>"logstash/outputs/stdout", :level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/plugin.rb", :line=>"133", :method=>"lookup"}
Using version 0.1.x output plugin 'stdout'. This plugin isn't well supported by the community and likely has no maintainer. {:level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"223", :method=>"print_version_notice"}
Plugin not defined in namespace, checking for plugin file {:type=>"codec", :name=>"line", :path=>"logstash/codecs/line", :level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/plugin.rb", :line=>"133", :method=>"lookup"}
Using version 0.1.x codec plugin 'line'. This plugin isn't well supported by the community and likely has no maintainer. {:level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"223", :method=>"print_version_notice"}
config LogStash::Codecs::Line/@charset = "UTF-8" {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Outputs::Stdout/@type = "" {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Outputs::Stdout/@tags = [] {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Outputs::Stdout/@exclude_tags = [] {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Outputs::Stdout/@codec = <LogStash::Codecs::Line charset=>"UTF-8"> {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
config LogStash::Outputs::Stdout/@workers = 1 {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/config/mixin.rb", :line=>"112", :method=>"config_init"}
Registering input eventlog://B3ML05888/["Application", "Security", "System"] {:level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-input-eventlog-0.1.5-java/lib/logstash/inputs/eventlog.rb", :line=>"33", :method=>"register"}
Pipeline started {:level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/pipeline.rb", :line=>"86", :method=>"run"}
Logstash startup completed
Tailing Windows Event Log '["Application", "Security", "System"]' {:level=>:debug, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-input-eventlog-0.1.5-java/lib/logstash/inputs/eventlog.rb", :line=>"49", :method=>"run"}
Windows Event Log error: Invoke of: NextEvent Source: SWbemEventSource Description: Timed out

["org.racob.com.Dispatch.invokev(Native Method)", "org.racob.com.Dispatch.invokev(Dispatch.java:243)", "org.racob.com.Dispatch.callN(Dispatch.java:187)", "org.jruby.ext.win32ole.RubyWIN32OLE.invokeMethodOrGet(RubyWIN32OLE.java:205)", "org.jruby.ext.win32ole.RubyWIN32OLE.method_missing(RubyWIN32OLE.java:113)", "org.jruby.ext.win32ole.RubyWIN32OLE$INVOKER$i$0$0$method_missing.call(RubyWIN32OLE$INVOKER$i$0$0$method_missing.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodN.call(JavaMethod.java:677)", "org.jruby.runtime.Helpers$MethodMissingMethod.call(Helpers.java:452)", "org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:210)", "org.jruby.runtime.callsite.CachingCallSite.callMethodMissing(CachingCallSite.java:401)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:323)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)", "org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57)", "org.jruby.ast.DAsgnNode.interpret(DAsgnNode.java:110)", "org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)", "org.jruby.ast.BlockNode.interpret(BlockNode.java:71)", "org.jruby.evaluator.ASTInterpreter.INTERPRET_BLOCK(ASTInterpreter.java:112)", "org.jruby.runtime.Interpreted19Block.evalBlockBody(Interpreted19Block.java:206)", "org.jruby.runtime.Interpreted19Block.yield(Interpreted19Block.java:157)", "org.jruby.runtime.Interpreted19Block.yieldSpecific(Interpreted19Block.java:130)", "org.jruby.runtime.Block.yieldSpecific(Block.java:111)", "org.jruby.RubyKernel.loop(RubyKernel.java:1507)", "org.jruby.RubyKernel$INVOKER$s$0$0$loop.call(RubyKernel$INVOKER$s$0$0$loop.gen)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:316)", "org.jruby.runtime.callsite.CachingCallSite.callBlock(CachingCallSite.java:145)", "org.jruby.runtime.callsite.CachingCallSite.callIter(CachingCallSite.java:154)", "org.jruby.ast.FCallNoArgBlockNode.interpret(FCallNoArgBlockNode.java:32)", "org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)", "org.jruby.ast.BlockNode.interpret(BlockNode.java:71)", "org.jruby.ast.RescueNode.executeBody(RescueNode.java:221)", "org.jruby.ast.RescueNode.interpret(RescueNode.java:116)", "org.jruby.ast.BeginNode.interpret(BeginNode.java:83)", "org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)", "org.jruby.ast.BlockNode.interpret(BlockNode.java:71)", "org.jruby.evaluator.ASTInterpreter.INTERPRET_METHOD(ASTInterpreter.java:74)", "org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:182)", "org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:203)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)", "org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57)", "org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)", "org.jruby.ast.RescueNode.executeBody(RescueNode.java:221)", "org.jruby.ast.RescueNode.interpret(RescueNode.java:116)", "org.jruby.ast.BeginNode.interpret(BeginNode.java:83)", "org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)", "org.jruby.ast.BlockNode.interpret(BlockNode.java:71)", "org.jruby.ast.EnsureNode.interpret(EnsureNode.java:96)", "org.jruby.evaluator.ASTInterpreter.INTERPRET_METHOD(ASTInterpreter.java:74)", "org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:182)", "org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:203)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)", "org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)", "org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)", "org.jruby.evaluator.ASTInterpreter.INTERPRET_BLOCK(ASTInterpreter.java:112)", "org.jruby.runtime.Interpreted19Block.evalBlockBody(Interpreted19Block.java:206)", "org.jruby.runtime.Interpreted19Block.yield(Interpreted19Block.java:194)", "org.jruby.runtime.Interpreted19Block.call(Interpreted19Block.java:125)", "org.jruby.runtime.Block.call(Block.java:101)", "org.jruby.RubyProc.call(RubyProc.java:290)", "org.jruby.RubyProc.call(RubyProc.java:228)", "org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:99)", "java.lang.Thread.run(Thread.java:662)"] {:level=>:error, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-input-eventlog-0.1.5-java/lib/logstash/inputs/eventlog.rb", :line=>"95", :method=>"run"}
^CTerminate batch job (Y/N)?
SIGINT received. Shutting down the pipeline. {:level=>:warn, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/agent.rb", :line=>"116", :method=>"execute"}
Sending shutdown signal to input thread {:thread=>#, :level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/pipeline.rb", :line=>"258", :method=>"shutdown"}
Plugin is finished {:plugin=><LogStash::Inputs::EventLog type=>"win32log", logfile=>["Application", "Security", "System"]>, :level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/plugin.rb", :line=>"61", :method=>"finished"}
Plugin is finished {:plugin=>, :level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/plugin.rb", :line=>"61", :method=>"finished"}
Pipeline shutdown complete. {:level=>:info, :file=>"/Analytics/logstash-1.5.0/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/pipeline.rb", :line=>"100", :method=>"run"}
Logstash shutdown completed
y
```

jsvd commented 9 years ago

This has been fixed in #10 and version 0.1.6 has been released with it