On Thu, 10 Sep 2015, David Lang wrote:
On Thu, 10 Sep 2015, Muhammad Asif wrote:
Hi David,
Thanks for being so prompt helper and guider. We can not enforce windows
server 2012 to send logs in specific format.
But we solve the issue by using the following template.
$template msgonly,"%rawmsg%\n"
What else solution can be?
well, I don't know what your rawmsg looks like, so I can't say what's wrong
with it, but you probably should do something more than just send the rawmsg
on.
what software are you using on the windows 2012 servers to send the logs?
Microsoft doesn't include any software to do so that I am aware of.
If I had to guess, I would guess that you are using Snare to send the logs.
Snare has different settings, some of which are more syslog compliant than
others.
Besides the 'obvious' option of using the rsyslog windows agent, there's also
nxlog, which has it's own headaches in sending valid messages, but is FAR better
than Snare.
If I could see a sample raw message that you are getting, I could suggest a way
to create a format that would forward it in a syslog compliant form.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
