Hi, Windows eventlog contains multi-line messages but the event data is properly retrieved when using im_msvistalog and there is no need to join these lines - unless you have this exported into a text file and want to reprocess that.
Regards, Botond On Thu, 16 Apr 2015 08:53:58 -0600 Scott H <scott.harps...@gmail.com> wrote: > This might be a dumb question, but adding on to the multiline, is this > recommended to be used on the common window event logs? > > On Thu, Apr 16, 2015 at 6:07 AM, Сергей Терещенков <serjio...@ya.ru> wrote: > > > Hello. > > > > Multiline ext "name" and InputType "type" must same. > > > > <Extension foobar> > > Module xm_multiline > > Headerline /^-./ > > </Extension> > > > > <Input bsi_watch> > > Module im_file > > File "D:\\ose\\log\\S.SI.*_*_*_*.log" > > SavePos TRUE > > InputType foobar > > Exec $source_server = 'Servername'; $source_file = file_name(); > > $message = $raw_event; to_json(); > > </Input> > > > > > Message: 5 > > > Date: Wed, 15 Apr 2015 19:53:59 +0000 > > > From: "Otterbein, Karl" <kotterb...@ise.com> > > > Subject: [nxlog-ce-users] Using nxlog > > > To: "'nxlog-ce-users@lists.sourceforge.net'" > > > <nxlog-ce-users@lists.sourceforge.net> > > > Message-ID: > > > < > > bd02f5dc8b26e94988a05471ef24599a630a6...@cc-exc01a.office.iseoptions.com> > > > > > > Content-Type: text/plain; charset="us-ascii" > > > > > > Hello- > > > > > > I'm looking to use the xm_multiline extension to try to concatinate log > > messages that all fall under the same headerline, but to this point have > > had little luck. All messages begin with either -E, -A, -W, -I, and all > > proceeding lines with "at" are part of the same message. > > > > > > Any assistance would be appreciated. > > > > > > Using nxlog.conf: > > > > > > ## This is a sample configuration file. See the nxlog reference manual > > about the > > > ## configuration options. It should be installed locally and is also > > available > > > ## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html > > > ## Please set the ROOT to the folder your nxlog was installed into, > > > ## otherwise it will not start. > > > #define ROOT C:\Program Files\nxlog > > > define ROOT C:\Program Files (x86)\nxlog > > > Moduledir %ROOT%\modules > > > CacheDir %ROOT%\data > > > Pidfile %ROOT%\data\nxlog.pid > > > SpoolDir %ROOT%\data > > > LogFile %ROOT%\data\nxlog.log > > > <Extension json> > > > Module xm_json > > > </Extension> > > > > > > <Extension syslog> > > > Module xm_syslog > > > </Extension> > > > <Extension charconv> > > > Module xm_charconv > > > AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2 > > > </Extension> > > > > > > <Extension multiline> > > > Module xm_multiline > > > Headerline /^-./ > > > </Extension> > > > > > > <Input internal> > > > Module im_internal > > > Exec $Message = to_json(); > > > </Input> > > > > > > # Watch any file you'd like > > > <Input bsi_watch> > > > Module im_file > > > File "D:\\ose\\log\\S.SI.*_*_*_*.log" > > > SavePos TRUE > > > InputType LineBased > > > Exec $source_server = 'Servername'; $source_file = file_name(); > > $message = $raw_event; to_json(); > > > </Input> > > > <Output out> > > > Module om_tcp > > > Host 6.x.x.x > > > Port 5514 > > > </Output> > > > <Route 1> > > > Path internal, si_watch => out > > > </Route> > > > > > > example log: > > > > > > -E 03-25 04:37:16.477 10992 30 (ISE02E_50013) () GTS_ORA Exception > > while initializing ReferenceData. > > OSE.Library.ITF.ITFMessaging.MessageRequestTimeout: Message request timed > > out: sessId=I.B.ORA_13.3D3B01ECB, reqId=1 > > > at OSE.Library.RefData.Client.Singleton`1.Get(Originator orig) in > > D:\OSE_WD_I\OSE\library\ReferenceDataService\RefDataClient\Singleton.cs:line > > 93 > > > at > > OSE.Applications.Options.OrderRoutingSystem.ORS.ResourceManager..ctor() in > > D:\OSE_WD_IORS\OSE\Applications\Options\ORS\S-ORA\ResourceManager.cs:line > > 150 > > > at OSE.Applications.Options.OrderRoutingSystem.ORS.S_ORA.Init() in > > D:\OSE_WD_IORS\OSE\Applications\Options\ORS\S-ORA\S-ORA.cs:line 9160 > > > at OSE.Applications.Options.OrderRoutingSystem.ORS.S_ORA.Init() > > > at OSE.Library.SIFramework.AdapterBase.AdapterBase.SetTraceAndInit() > > > > > > ------------------------------ > > > > > > > > ------------------------------------------------------------------------------ > > > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > > > Develop your own process in accordance with the BPMN 2 standard > > > Learn Process modeling best practices with Bonita BPM through live > > exercises > > > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- > > event?utm_ > > > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > > > > > > ------------------------------ > > > > > > _______________________________________________ > > > nxlog-ce-users mailing list > > > nxlog-ce-users@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users > > > > > > End of nxlog-ce-users Digest, Vol 40, Issue 1 > > > ********************************************* > > > > > > ------------------------------------------------------------------------------ > > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > > Develop your own process in accordance with the BPMN 2 standard > > Learn Process modeling best practices with Bonita BPM through live > > exercises > > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- > > event?utm_ > > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > > _______________________________________________ > > nxlog-ce-users mailing list > > nxlog-ce-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users > > ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF _______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
