Hi, What you need is the following: Exec $Message = $raw_event; to_syslog_xxx();
I know there are some grey areas in the documentation regarding this. HTH, Botond On Mon, 21 Oct 2013 12:05:47 +0000 Lindgren Daniel <daniel.lindg...@tullverket.se> wrote: > > > <Output out_syslog> > > > Module om_tcp > > > Host syslog.company.com > > > Port 514 > > > # Exec to_syslog_ietf(); > > Since this is disabled, the tcp output sends the dhcp logs as is, i.e. > > not in syslog format. This most likely confuses your syslog daemon on > > the other end. > > When sending data from Windows EventLog I have to use to_syslog_ietf, but If > I use to_syslog_ietf when sending data from a logfile the result looks like > this on the syslog side: > > Oct 21 13:50:07 WINDOWSSERVER - > Oct 21 13:50:20 WINDOWSSERVER - > Oct 21 13:50:20 WINDOWSSERVER - > Oct 21 13:50:20 WINDOWSSERVER - > Oct 21 13:50:22 WINDOWSSERVER - > Oct 21 13:50:22 WINDOWSSERVER - > Oct 21 13:50:22 WINDOWSSERVER - > Oct 21 13:50:23 WINDOWSSERVER - > Oct 21 13:50:23 WINDOWSSERVER - > Oct 21 13:50:23 WINDOWSSERVER - > > No log data at all, just timestamp and the name of the Windows server sending > the data. > > > > Oct 18 13:10:42 windowsserver.company.com : > > > 10:41,Renew,172.22.24.19,android-eb545ee5cd9f7ae3.company.com,60A44C81 > > > D779,,2242570168,0,,,#015 > > > > > > Each log line is spread over two lines, seemingly at recurring > > > intervals. There are also spaces inserted, ie "13:10:41" is logged as > > "13: 10:41". > > > > The output you pasted here is generated by a third-party tool, not > > nxlog. > > It's from our Linux server running rsyslog 7.2.3. > > > You can redirect the output to a file to see what format the om_tcp > > would send, just as you did. > > Your syslog receiver probably needs proper syslog format, either > > to_syslog_bsd() or ietf. > > I tried using to_syslog_bsd and this is the result: > > Oct 21 13:49:20 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:24 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:24 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:24 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:25 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:25 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:25 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:25 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:25 windowsserver.company.com WINDOWSSERVER#015 > Oct 21 13:49:25 windowsserver.company.com WINDOWSSERVER#015 > > No log data there either. I'm not sure where the problem is, it looks like > the rsyslog server discards the log data? > > Cheers, > Daniel > > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk > _______________________________________________ > nxlog-ce-users mailing list > nxlog-ce-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk _______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
