David, thank you for your help. I already solved the problem.

This message is part of the syslog tag: MSWinEventLog 0 Security 957 Fri

So I just use this command to extract the security field: syslogtag:F:3

Again, thank you for all your help.

Cheers,
Jong

--
View this message in context: http://rsyslog-rsyslog-users.1305293.n2.nabble.com/Please-help-with-Snare-Format-tp7579234p7579247.html
rsyslog mailing list: http://lists.adiscon.net/mailman/listinfo/rsyslog

