Hi, Conversion should happen as early as possible, so the multiline extension instance would be the place. Unfortunately both the xm_multiline and the default linebased parser are expecting single by CR or CRLF.
Another ugly temporary solution could be to define the HeaderLine as a hex bytestring using \xXX. Regarding piping, it would be possible to output to a local tcp socket which is read by another im_tcp module but again this is pretty ugly too. The example shown in the reference manual for MSSQL server ERRORLOG is also an ugly hack that works. We are aware that there should be a better solution to handle multi-byte character sets. This is issue has been sitting in the queue for quite some time. Regards, Botond On Wed, 27 Nov 2013 18:57:15 +0000 "Mitzimberg, Justin" <justin.mitzimb...@portofportland.com> wrote: > MSSQL error logs are encoded in UCS-2LE and some events are multi-line. I > attempted the following: > > <Extension mssql_multiline> > Module xm_multiline > HeaderLine /^\d\d\d\d-\d\d-\d\d/ > </Extension> > > <Input mssql> > Module im_file > File "C:\Path\To\MSSQL\ERROLOG" > InputType mssql_multiline > Exec $raw_event = convert($raw_event,"ucs-2le","utf-8"); if > $raw-event == "" drop(); > </Input> > > This doesn't work. The convert() apparently happens after the multi-line > parser and therefore it never detects the header line as I've defined it. I > tried putting the convert () in different places, including in the > <Extension> block, but nothing was successful? Do I need to > > How do I read in multi-line events that encoded in another format? Do I need > to convert the HeaderLine to hex encoded UCS-2LE? > > Is there a way to chain inputs together? Have the first input read the file > and convert it then pipe that to another input that reads it in as multi-line? > > Justin Mitzimberg, CISSP-ISSAP > Security Engineer > Port of Portland > P: 503-415-6734 > justin.mitzimb...@portofportland.com<mailto:justin.mitzimb...@portofportland.com> > ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
