Hi Michael,
> A few notes:
> - In the log, there is a space between the Snare "hostname" and "event
> log type" fields. If the Snare manual is to be believed, this should be
> a tab. Maybe it's another tiny bug in Snare format compatibility.
I checked the Snare source code and it has the following:
    if(dwSyslogHeader) {
        _snprintf_s(header,_countof(header),_TRUNCATE,"<%ld>%s %s MSWinEventLog%s%d%s",tdwSyslog,CurrentDate,Hostname,DELIM,CurrentEvent->criticality,DELIM);
    } else {
        _snprintf_s(header,_countof(header),_TRUNCATE,"%s%sMSWinEventLog%s%d%s",Hostname,DELIM,DELIM,CurrentEvent->criticality,DELIM);
    }
When Snare puts a syslog header in the output there is a space, otherwise
a tab. NXLog's to_syslog_snare() formatter generates it with the syslog
header, so it should be equivalent.
> - Botond probably has a very elegant way to make this ugliness much
> prettier, but I couldn't wait :)
My solution is to fix the source code. In src/common/date.c there is a
function nx_date_to_rfc3164_wday_year() which is only used by the
to_syslog_snare() formatter.
Change
    *ptr++ = ' ';
to
    *ptr++ = '0';
This will be solved with the next release (really).
Regards,
Botond
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
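
Added example, not part of the original message and not Snare or NXLog code: a C parser that accepts both header forms described above (a space before MSWinEventLog when the syslog header is present, a tab otherwise) and reports which separator it saw. It assumes DELIM is a tab; parse_snare_header() and the sample lines, including their date layout, are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SNARE_TAG "MSWinEventLog"

/* Parse the start of a Snare record in either header form. Returns 0 on success,
 * -1 on mismatch; *sep receives the hostname/tag separator seen (' ' or '\t'). */
int parse_snare_header(const char *line, char *host, size_t hostlen,
                       int *criticality, char *sep)
{
    const char *tag = strstr(line, SNARE_TAG);
    if (tag == NULL || tag == line || (tag[-1] != ' ' && tag[-1] != '\t'))
        return -1;
    /* Hostname: token before the separator, back to whitespace, '>' or line start. */
    const char *end = tag - 1, *start = end;
    while (start > line && !strchr(" \t>", start[-1]))
        start--;
    size_t len = (size_t)(end - start);
    if (len == 0 || len >= hostlen)
        return -1;
    memcpy(host, start, len);
    host[len] = '\0';
    /* After the tag: DELIM, criticality digits, DELIM (tab assumed). */
    const char *p = tag + strlen(SNARE_TAG);
    char *num_end;
    if (p[0] != '\t' || p[1] < '0' || p[1] > '9')
        return -1;
    long crit = strtol(p + 1, &num_end, 10);
    if (*num_end != '\t')
        return -1;
    *criticality = (int)crit;
    *sep = tag[-1];
    return 0;
}

int main(void)
{
    /* Constructed sample lines, one per header form; the date layout is illustrative. */
    const char *samples[] = {
        "<13>Mon Jan 05 10:00:00 2015 WINHOST MSWinEventLog\t1\tSecurity\t",
        "WINHOST\tMSWinEventLog\t1\tSecurity\t",
    };
    char host[64], sep; int crit;
    for (int i = 0; i < 2; i++)
        if (parse_snare_header(samples[i], host, sizeof host, &crit, &sep) == 0)
            printf("host=%s criticality=%d sep=%s\n", host, crit, sep == ' ' ? "space" : "tab");
    return 0;
}
```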