On 03/06/2015 01:15 PM, Botond Botyanszki wrote:
> Probably many syslog implementations are able to parse it with double
> digits but to not break standards compliance you should be only replacing
> the second, i.e. the value in snare timestamp field.

I just came across this thread and am taking a stab at working around the issue with your suggestion. Of course it is after the 9th so I can't be sure it is working as it should. :) Is this correct?

<Output out>
    Module  om_tcp
    Host    1.2.3.4
    Port    514
    Exec    to_syslog_snare();\
            $EventTime=replace($raw_event,' ','0');
</Output>
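
The reply quoted above recommends zero-padding the day only in the Snare timestamp field and leaving the syslog header as it is. The Python below is an added illustration of that difference, not code from the thread or from NXLog; the sample line, the tab-separated field layout and the field index are constructed assumptions.

```python
import re

# Constructed sample line (not from the thread): RFC 3164 header followed by
# tab-separated Snare fields. The field order is an assumption.
SAMPLE = (
    "<13>Mar  6 13:15:02 host1 MSWinEventLog\t1\tSecurity\t42\t"
    "Fri Mar  6 13:15:02 2015\t4624\tSecurity\tN/A\tN/A\t"
    "Success Audit\thost1\tLogon\t\tAn account was logged on.\t7"
)
SNARE_TIME_FIELD = 4  # assumed position of the Snare timestamp field

# Month name, two spaces, one digit: a space-padded single-digit day.
SPACE_PADDED_DAY = re.compile(r"\b([A-Z][a-z]{2})  (\d)\b")


def pad_whole_line(line):
    """Zero-pad every space-padded day, including the syslog header."""
    return SPACE_PADDED_DAY.sub(r"\1 0\2", line)


def pad_snare_field_only(line):
    """Zero-pad the day in the Snare timestamp field and nothing else."""
    fields = line.split("\t")
    if len(fields) <= SNARE_TIME_FIELD:
        return line  # not in the expected layout; leave untouched
    fields[SNARE_TIME_FIELD] = SPACE_PADDED_DAY.sub(
        r"\1 0\2", fields[SNARE_TIME_FIELD], count=1)
    return "\t".join(fields)


def header_timestamp(line):
    """Return the 15-character header timestamp that follows <PRI>."""
    start = line.index(">") + 1
    return line[start:start + 15]


if __name__ == "__main__":
    # Show the header timestamp and the Snare field after each approach.
    for fn in (pad_whole_line, pad_snare_field_only):
        out = fn(SAMPLE)
        print(fn.__name__, repr(header_timestamp(out)),
              repr(out.split("\t")[SNARE_TIME_FIELD]))
```

Because the poster notes that the date is already past the 9th, a constructed single-digit-day line like the one above is a way to exercise the rewrite without waiting for the next month.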