[nxlog-ce-users] im_msvistalog Keywords data type

Dhruv Ahuja Fri, 29 Aug 2014 06:24:50 -0700

Hi All,

I'm facing some issues with the large hexadecimal values in the Keywords
field of im_msvistalog input module. A typical value from a real system is
0x8080000000000000 which exceeds the upper limit of Long data type in Java
[and gets overflowed]. Moreover, any intermediate tools/scripts/parsers
using formats like JSON simply throw an exception.


It says in NXLOG documentation that this field is an Integer [1] and makes
a reference to 'EvtSystemKeywords'. EvtSystemKeywords says it's a
'EvtVarTypeHexInt64' type [2].

I'm very new to NXLOG so am wondering if there's a way I can force this
field to be a String. Else considering dropping it altogether at Logstash.


Thanks,
new23d


[1]
http://nxlog-ce.sourceforge.net/nxlog-docs/en/nxlog-reference-manual.html#im_msvistalog
[2]
http://referencesource.microsoft.com/#System.Core/Microsoft/Win32/UnsafeNativeMethods.cs

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/

_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users

[nxlog-ce-users] im_msvistalog Keywords data type

Reply via email to