I am trying to configure NXlog to work with AlienVault based on the guide here
I installed the custom config file from AlienVault and modified the destination IP only. When I did this I could not get the NXlog service to start - Then I reinstalled the default config but I still cannot get it to open.
I edited the file in notepad which I thing should be safe, however I have read here that it is possibly the UTF-8 BOM - I am not sure how to check if there is one but I do not believe there is because I only used notepad.
The first line in the config file looks like so:
define ROOT C:\Program Files (x86)\nxlog
The NXlog Log file with the errors is only displaying this error:
nxlog failed to start: Invalid keyword: define at C:\Program Files (x86)\nxlog\conf\nxlog.conf:1
Not very helpful - Seems to be choking on the very first word - Anyone seen this before???
As B0ti mentioned, my problem was caused by the BOM - I couldn't figure out how to fix this on windows so I downloaded the file into a Linux environment and fixed it there. To do so follow these steps -
First I verified there was a BOM in place with the
file
command:ex:
file filename.txt
-This will print information about the file - if there is a BOM you will see that.Next I followed the answer here for removing the BOM:
Basically just do this in the Linux box -
sed '1s/^\xEF\xBB\xBF//' < orig.txt > new.txt
Then I transferred the new file back to the Windows box and all was right with the world!