Rainer Gerhards wrote:
>> -----Original Message-----
>> From: [email protected] [mailto:rsyslog-
>> [email protected]] On Behalf Of Peter Macko
>> Sent: Saturday, June 19, 2010 7:29 AM
>> To: [email protected]
>> Subject: [rsyslog] Windows-LogParser-TCP-RSyslog problem
>>
>>
>> I am trying to configure central loghost RSyslog version 3.22.1 on
>> CentOS 5.5 i386 to log windows workstations Event Logs.
>> On the windows side I use LogParser 2.2.
>> Everything works fine with UDP. When I swap to TCP, the first message
>> is Ok, but next messages start with <14> and they do not separate,
>> each message on new line.
>
> If I understand you correctly (and the samples seem to back up that view),
> LogParser is broken. They need to fix their TCP framing. They can use either
> NL after each message (industry standard) or octet-count based framing as
> described in RFC5425.
Try NTSyslog. It mostly works well here. And it's free.

http://ntsyslog.sourceforge.net/

--
MrD.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
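The two TCP framings named in the quoted reply (NL after each message, octet counting), as an added example that is not part of the original thread. It shows how a receiver splits each one and why an unframed stream produces the merged `<14>` records described in the question. The sample messages are constructed and the function names are hypothetical.

```python
import re

# Constructed sample messages (not captured from LogParser or rsyslog).
MSG1 = b"<14>Jun 19 07:29:01 ws1 EventLog: logon ok"
MSG2 = b"<14>Jun 19 07:29:02 ws1 EventLog: service started"

FRAMED_LF = MSG1 + b"\n" + MSG2 + b"\n"                           # NL after each message
FRAMED_OC = b"%d %s%d %s" % (len(MSG1), MSG1, len(MSG2), MSG2)    # "LEN SP MSG" repeated
UNFRAMED = MSG1 + MSG2                                            # sender wrote no delimiter


def split_lf(stream):
    """Receiver side of NL framing: every LF ends one message."""
    return [m for m in stream.split(b"\n") if m]


def split_octet_count(stream):
    """Receiver side of octet counting: decimal length, space, then that many bytes."""
    out, pos = [], 0
    while pos < len(stream):
        m = re.match(rb"([1-9]\d{0,8}) ", stream[pos:])
        if not m:
            raise ValueError("no length prefix at offset %d" % pos)
        start = pos + m.end()
        end = start + int(m.group(1))
        if end > len(stream):
            raise ValueError("truncated frame at offset %d" % pos)
        out.append(stream[start:end])
        pos = end
    return out


def embedded_pri_count(record):
    """Heuristic: '<PRI>' headers found after byte 0 of a single record.

    A non-zero count suggests the sender ran messages together without framing
    (message text can contain '<n>' legitimately, so treat it as a hint only).
    """
    return len(re.findall(rb"<\d{1,3}>", record[1:]))


if __name__ == "__main__":
    for name, stream in (("LF", FRAMED_LF), ("unframed", UNFRAMED)):
        for rec in split_lf(stream):
            print(name, embedded_pri_count(rec), rec)
    print("octet-count", split_octet_count(FRAMED_OC))
```
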

