MSSQL error logs are encoded in UCS-2LE and some events are multi-line. I
attempted the following:
<Extension mssql_multiline>
Module xm_multiline
HeaderLine /^\d\d\d\d-\d\d-\d\d/
</Extension>
<Input mssql>
Module im_file
File "C:\Path\To\MSSQL\ERROLOG"
InputType mssql_multiline
Exec $raw_event = convert($raw_event,"ucs-2le","utf-8"); if
$raw-event == "" drop();
</Input>
This doesn't work. The convert() apparently happens after the multi-line parser
and therefore it never detects the header line as I've defined it. I tried
putting the convert () in different places, including in the <Extension> block,
but nothing was successful? Do I need to
How do I read in multi-line events that encoded in another format? Do I need to
convert the HeaderLine to hex encoded UCS-2LE?
Is there a way to chain inputs together? Have the first input read the file and
convert it then pipe that to another input that reads it in as multi-line?
Justin Mitzimberg, CISSP-ISSAP
Security Engineer
Port of Portland
P: 503-415-6734
justin.mitzimb...@portofportland.com<mailto:justin.mitzimb...@portofportland.com>
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
