NXlog will not start - AlienVault Config

Question

I am trying to configure NXlog to work with AlienVault based on the guide here

I installed the custom config file from AlienVault and modified the destination IP only. When I did this I could not get the NXlog service to start - Then I reinstalled the default config but I still cannot get it to open.

I edited the file in notepad which I thing should be safe, however I have read here that it is possibly the UTF-8 BOM - I am not sure how to check if there is one but I do not believe there is because I only used notepad.

The first line in the config file looks like so:

define ROOT C:\Program Files (x86)\nxlog

The NXlog Log file with the errors is only displaying this error:

nxlog failed to start: Invalid keyword: define at C:\Program Files (x86)\nxlog\conf\nxlog.conf:1

Not very helpful - Seems to be choking on the very first word - Anyone seen this before???

Answer 1

As B0ti mentioned, my problem was caused by the BOM - I couldn't figure out how to fix this on windows so I downloaded the file into a Linux environment and fixed it there. To do so follow these steps -

First I verified there was a BOM in place with the file command:

ex: file filename.txt -This will print information about the file - if there is a BOM you will see that.

Next I followed the answer here for removing the BOM:

Basically just do this in the Linux box - sed '1s/^\xEF\xBB\xBF//' < orig.txt > new.txt

Then I transferred the new file back to the Windows box and all was right with the world!

Answer 2

I'm pretty sure that's caused by the UTF-8 BOM in your config file. I suggest using and checking with an editor that can handle this. In HEX mode you can confirm whether the file has a BOM or not.

The NXLog EE v4.0 can cope with the BOM properly BTW.