nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aldrin Piri <aldrinp...@gmail.com>
Subject Re: How to fetch remote windows event logs with minifi agent and ConsumeWindowsEventLog processor
Date Thu, 01 Nov 2018 16:34:39 GMT
Hello,

Did you add the windows-event-log nar to your MiNiFi distribution?  This is
not a bundle that is automatically included.  The log is creating a ghost
implementation as it cannot find a backing implementation for that
component coordinate.  This is likely the best approach but you will need
to augment the standard minifi distribution to also support this
functionality.

As far as your second approach, this is unlikely to be the result you are
looking for.  To the best of my knowledge, the evtx format is a format that
would not lend itself well to the appended log format TailFile is expecting.

On Thu, Nov 1, 2018 at 12:23 PM Jagan <jbuddanooka@softilityinc.com> wrote:

> Hi all...
>
> I am trying to fetch remote windows server event logs in two ways
> 1.by installing minifi agent on the remote server and then created a
> minifi
> config.yml with ConsumeWindowsEventLog processor and Remote process group
>
> after that I have started minifi agent where ConsumeWindowsEventLog
> processor able to read logs from windows event log but was not able to send
> them to Remote process group here messages are getting queued and not
> reaching Remote process group
>
> where I have seen following error in minifi agent logs
>
> 2018-10-31 21:02:36,690 WARN [main] org.apache.nifi.minifi.FlowEnricher
> Could not find any eligible bundles for
> org.apache.nifi.processors.windows.event.log.ConsumeWindowsEventLog.
> Automatic start of the flow cannot be guaranteed.
> 2018-10-31 21:02:41,011 WARN [main] o.a.n.c.StandardFlowSynchronizer Schema
> validation error parsing Flow Configuration at line 16, col 27:
> cvc-complex-type.2.4.a: Invalid content was found starting with element
> 'maxConcurrentTasks'. One of '{bundle}' is expected.
> 2018-10-31 21:02:41,489 ERROR [main]
> o.apache.nifi.controller.FlowController
> Could not create Processor of type
> org.apache.nifi.processors.windows.event.log.ConsumeWindowsEventLog for ID
> 2b67acce-9365-3433-0000-000000000000; creating "Ghost" implementation
> org.apache.nifi.controller.exception.ProcessorInstantiationException:
> Unable
> to find bundle for coordinate default:unknown:unversioned at
>
> org.apache.nifi.controller.FlowController.instantiateProcessor(FlowController.java:1271)
>
> please suggest me how can I overcome this error...
> and the second method is
>
> 2..by installing minifi agent on the remote server and then created a
> minifi
> config.yml with tailfile processor and Remote process group
> here I am specifying the file  location of
> Application.evtx(C:\Windows\System32\winevt\Logs\Application.evtx
> )
>
> will this method work for fetching remote windows server event logs because
> when I try this I got no response from tail file processor
>
> and please suggest me if there are better ways to do this
>
> Thank you all...
>
>
>
> --
> Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message