#011 is an escaped tab, if you replace #011 with a column separator, everything should work

you can run them through sed s/"#011"/"\t"/g to put tabs back (replace \t with whatever character you are looking for)

what format do you want the columns in? what are you doing with them?

another option is that you can use mmnormalize to parse these and assign each chunk to a variable with the correct name. This should just be a single rule, I don't know when I would have time to look at this, but I'll add it to my (lengthy) to-do list.

David Lang
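
As an added worked example (not code from the thread, from rsyslog or from nxlog), the Python below does for one message what the reply above describes: it reverses the #011 escape, splits the message into its columns, and hands the columns to a parameterised INSERT for a table like SystemEvents. The sample line is a constructed, shortened copy of the line quoted further down, and the column names are this example's own assumption about what each field means, not a Snare or rsyslog definition.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, shaped like the line quoted in the thread (shortened,
# values made up). rsyslog has escaped every TAB in the message as "#011",
# i.e. "#" followed by the character's three-digit octal code (011 = 9 = TAB).
SAMPLE_MSG = (
    "5156#011Microsoft-Windows-Security-Auditing#011N/A#011N/A#011AUDIT_SUCCESS"
    "#011server.localdomain.corp#011Filtering Platform Connection#011#011"
    "The Windows Filtering Platform has permitted a connection. "
    "Source Address: 192.168.1.5 Source Port: 139 Destination Port: 139 Protocol: 17"
    "#011N/A"
)

# Column names are this example's own labels for the ten tab-separated fields
# visible in the thread's sample; they are an assumption, not a Snare or
# rsyslog definition. Adjust them to the schema of your own table.
COLUMNS = [
    "event_id", "source_name", "user", "sid_type", "event_type",
    "hostname", "category", "reserved", "message", "trailer",
]

_OCTAL_ESCAPE = re.compile(r"#([0-7]{3})")


def decode_escapes(msg: str, all_control_chars: bool = False) -> str:
    """Turn rsyslog's "#ooo" octal escapes back into the original characters.

    By default only the TAB escape ("#011") is decoded, which matches the sed
    one-liner in the reply above and cannot misfire on literal text such as
    "ticket #123". With all_control_chars=True every "#ooo" sequence that
    denotes a control character (code < 32) is decoded; printable codes are
    left alone so that e.g. "#101" ("A") inside free text is not mangled.
    """
    if not all_control_chars:
        return msg.replace("#011", "\t")

    def _sub(m: re.Match) -> str:
        code = int(m.group(1), 8)
        return chr(code) if code < 32 else m.group(0)

    return _OCTAL_ESCAPE.sub(_sub, msg)


def split_columns(msg: str) -> List[str]:
    """Decode the TAB escapes and split the message into its columns.

    str.split("\t") (not split()) is used on purpose: an empty column such as
    the eighth field in the sample must be preserved so that later columns
    keep their position.
    """
    return decode_escapes(msg).split("\t")


def to_record(msg: str) -> Dict[str, str]:
    """Map the columns onto names; surplus columns are kept, missing ones are ''."""
    fields = split_columns(msg)
    record = {name: "" for name in COLUMNS}
    for i, value in enumerate(fields):
        key = COLUMNS[i] if i < len(COLUMNS) else f"extra_{i - len(COLUMNS) + 1}"
        record[key] = value
    return record


def insert_statement(record: Dict[str, str],
                     table: str = "SystemEvents") -> Tuple[str, Tuple[str, ...]]:
    """Build a parameterised INSERT for a DB-API driver such as psycopg2.

    The event text comes from the remote host and may contain quotes or
    anything else, so it is passed as parameters, never spliced into the SQL.
    Column names come from COLUMNS (a fixed list in this module), not from
    the message, so quoting them here is safe.
    """
    names = list(record)
    sql = 'INSERT INTO "{}" ({}) VALUES ({})'.format(
        table, ", ".join(f'"{n}"' for n in names), ", ".join(["%s"] * len(names))
    )
    return sql, tuple(record[n] for n in names)


if __name__ == "__main__":
    rec = to_record(SAMPLE_MSG)
    for k, v in rec.items():
        print(f"{k:12s} = {v!r}")
    print(insert_statement(rec)[0])
```

rsyslog writes these escapes when control-character escaping is enabled (the $EscapeControlCharactersOnReceive directive, on by default), so decoding is needed on the way into the database, or the escaping is switched off and a real tab separator is used in the template instead. The mmnormalize route mentioned in the reply is the in-rsyslog equivalent of to_record(): one rule that names each tab-separated field so the ompgsql template can reference them directly.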


On Fri, 13 Sep 2013, Willen Borges Coelho wrote:

I use Nxlog-ce on our Windows servers, and it sends the logs to an Rsyslog server on port 
514/udp.

Also in nxlog-ce, I use the to_syslog_snare() flag to convert the Windows EventLog 
to Linux syslog.

I would like rsyslog to retrieve the information that is joined together and put 
each piece in its respective column, for example:

Sep 13 20:31:23 
2013#0115156#011Microsoft-Windows-Security-Auditing#011N/A#011N/A#011AUDIT_SUCCESS#011server.localdomain.corpMore
 Information#011Filtering Platform Connection#011#011The Windows Filtering 
Platform has permitted a connection. Application Information: Process ID: 4 
Application Name: System Network Information: Direction: Inbound Source 
Address: 192.168.1.5More Information Source Port: 139 Destination Address: 
192.168.125.19More Information {user.dhcp.s17.localdomain.corpMore Information} 
Destination Port: 139 Protocol: 17 Filter Information: Filter Run-Time ID: 
65766 Layer Name: Receive/Accept Layer Run-Time ID: 44#011N/A

The fields and values are joined by #011.

This information is saved in DB Postgresql, in the table SystemEvents.

Much Windows server information is lost because we cannot rank it, since it is 
not in separate columns.

Can anyone help?

Regards,

Willen Borges Coelho
Information Technology Analyst
Information Technology Coordination Office
Ifes - Instituto Federal de Educação, Ciência e Tecnologia do Espírito Santo
Campus Cachoeiro de Itapemirim
(28) 3526-9027
"Shallow men believe in luck;
wise and strong men believe in cause and effect."
(Ralph Waldo Emerson)


________________________________

This message (including attachments) contains confidential information intended for a 
specific user, and its content is protected by law. If you are not the intended 
recipient, you must delete this message.

The sender of this message is responsible for its content and addressing.
It is up to the recipient to ensure it is handled appropriately. Disclosure, 
reproduction and/or distribution without due authorization, or any other action 
not in compliance with the internal rules of Ifes, are prohibited and subject to 
disciplinary, civil and criminal sanction.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.