Hi all,
I'm sending my VMware vCenter server logs and Windows event logs into
Graylog using nxlog-ce to send to GELF UDP inputs.
I'm getting confused as to why the "message" field is truncated compared
with the "full_message".
At this point I have not tried defining any fields in nxlog for these nor
have I defined any extractors on the inputs.
What can cause these messages to be truncated? I'm assuming Graylog is
trying to process these into various fields which is leading to the
truncated message but I'm not sure how I can overcome this.
Here's an example:
full_message: vpxd2015-06-24T10:36:18.302+10:00 info vpxd[10384] [Originator@6876 sub=vpxLro opID=opId-f89b4b1a-bd95-48fa-8193-d7f494ae37b2-3d-5a] [VpxLRO] -- FINISH task-internal-2506
message: vpxd2015-06-24T10:36:18.302+10:00 info vpxd[10384] [Originator@6
I am seeing the same behaviour for the Windows events and here's an example:
full_message: The system call to get account information completed.
CN=VMM01,CN=Computers,DC=lab,DC=melbourneit,DC=com The call completed in 0
milliseconds.
message: The system call to get account information completed.
CN=VMM01
Here are the two relevant inputs used in nxlog.conf:
<Input InEvents>
    Module im_msvistalog
    # Drop events whose ObjectName matches the Nimsoft probes path
    EXEC if $ObjectName =~ /\\Nimsoft\\probes\\/ drop();
</Input>
<Input VPXD>
    Module im_file
    File "C:\\ProgramData\\VMware\\VMware VirtualCenter\\Logs\\vpxd-[0-9]*.log"
    SavePos TRUE
    ReadFromLast TRUE
    # Prefix each raw log line with 'vpxd' and store it in $Message
    Exec $Message = 'vpxd' + $raw_event;
</Input>
I'm guessing it's probably going to be something as simple as defining
fields in nxlog but I'm not real sure on that and am hoping someone else
has come across this and has a solution or at least some pointers in the
right direction.
Any help with this would be greatly appreciated!
Cheers, Pete