That didn't seem to work; I can't get it to work. Here is an example of an
output message:
An account was logged off. Subject: #011Security
ID:#011#011S-1-5-21-1859942413-378948228-1707219080-500 #011Account
Name:#011#011UsernameHere #011Account Domain:#011#011DB #011Logon
ID:#011#0110x434aea2 Logon Type:#011#011#0113 This event is generated when
a logon session is destroyed. It may be positively correlated with a logon
event using the Logon ID value. Logon IDs are only unique between reboots
on the same computer.#015

Here is my new config:
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
Module xm_syslog
</Extension>
<Extension exec>
Module xm_exec
</Extension>
<Input internal>
Module im_internal
</Input>
<Input eventlog>
Module im_msvistalog
</Input>

<Processor norepeat>
    Module pm_norepeat
    CheckFields Hostname, SourceName, Message
</Processor>

<Output out>
Module om_tcp
Host x.x.x.x
port 514
 Exec if $raw_event =~ s/#011//g {};
Exec if $raw_event =~ s/#015//g {};
Exec to_syslog_ietf();
</Output>
<Route 1>
Path internal, eventlog =>  norepeat => out
</Route>



On Thu, Sep 18, 2014 at 8:17 AM, Cyril SANTUNE <cyril.sant...@gmail.com>
wrote:

> Do you mean a tabulation char?
>
> If so, you can use the following command before "Exec
> to_syslog_ietf();" to replace tabulation with a space.
>  Exec         if $raw_event =~ s/\t/ /g {}
>
> Regards,
> Cyril
>
> On Wed, Sep 17, 2014 at 8:46 PM, Scott H <scott.harps...@gmail.com> wrote:
> > Does nxlog have a way to remove these before pushing out to my syslog
> > server? My syslog can remove them, but I wanted to know if I could do it on the
> > sender's side.
> >
> > Here is my config.
> > <Extension syslog>
> > Module xm_syslog
> > </Extension>
> >
> > <Input internal>
> > Module im_internal
> > </Input>
> > <Input eventlog>
> > Module im_msvistalog
> > </Input>
> >
> > <Processor norepeat>
> >     Module pm_norepeat
> >     CheckFields Hostname, SourceName, Message
> > </Processor>
> >
> > <Output out>
> > Module om_tcp
> > Host x.x.x.x
> > port 514
> > Exec to_syslog_ietf();
> > </Output>
> > <Route 1>
> > Path internal, eventlog =>  norepeat => out
> > </Route>
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
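
An added example, not part of the original thread and not the NXLog project's own code: a corrected form of the Output block posted above. It rests on two points: `#011` and `#015` are printable escapes for the tab (octal 011) and carriage-return (octal 015) characters, so the sender has to match `\t` and `\r` rather than the literal text, and `to_syslog_ietf()` builds `$raw_event` from the event fields, so the substitution has to be made on `$Message`.

```conf
<Output out>
    Module  om_tcp
    Host    x.x.x.x
    Port    514

    # Not effective: the sender never sees the literal text "#011" or "#015",
    # and to_syslog_ietf() regenerates $raw_event from the event fields anyway.
    #   Exec if $raw_event =~ s/#011//g {}

    # Collapse runs of tab characters (octal 011) in the field that
    # to_syslog_ietf() reads, so "Security ID:<TAB><TAB>S-1-5-..." stays readable.
    Exec    if $Message =~ s/\t+/ /g {}
    # Drop carriage returns (octal 015), seen at the receiver as the trailing "#015".
    Exec    if $Message =~ s/\r//g {}

    Exec    to_syslog_ietf();
</Output>
```

The Extension, Input, Processor and Route blocks stay as posted.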
