Hello,
Thank you for your help, Botond. With your advice it's now working very
well.
I have put an extract of my config file below; it might be useful for someone.
<Input in>
    Module      im_tcp
    Host        192.168.0.10
    Port        1514
    InputType   Binary
    # Set $ProcessName from the prefix at the start of the raw event.
    Exec if $raw_event =~ /^PROCESS1/ \
         { \
             $ProcessName = "PROCESS1"; \
         } \
         if $raw_event =~ /^PROCESS2/ \
         { \
             $ProcessName = "PROCESS2"; \
         } \
         if $raw_event =~ /^PROCESS3/ \
         { \
             $ProcessName = "PROCESS3"; \
         } \
         if $raw_event =~ /^PROCESS4/ \
         { \
             $ProcessName = "PROCESS4"; \
         } \
         if $raw_event =~ /^PROCESS5/ \
         { \
             $ProcessName = "PROCESS5"; \
         } \
         if $raw_event =~ /^PROCESS6/ \
         { \
             $ProcessName = "PROCESS6"; \
         } \
         if $raw_event =~ /^PROCESS7/ \
         { \
             $ProcessName = "PROCESS7"; \
         }
</Input>

<Output out>
    Module      om_file
    # One file per day and per process name; the expression must stay on one line.
    File ("%OUTDIR%\\" + strftime(now(), "%Y%m%d") + "_Open_" + $ProcessName + ".txt")
</Output>
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users