On Tue, 5 Mar 2019, FONT Olivier via rsyslog wrote:
Hello everyone, I just installed and configured my rsyslog client on a Windows machine. Logs are well sent to my log correlator but the taxonomy cannot be done because the correlator logs expects a snare format. I have found how to re-format the log message on the rsyslog message but nothing to replace several spaces with a tab. Can the rsyslog client for Windows generate messages in snare format? If yes, how can I configure it?
probably, you would need to set up a template for your output. you will also need to increase your maxmessagesize to allow for that.
I am not that familiar with how the logs that rsyslog gets directly from windows look, so I don't know how you would parse them to then assemble them into snare format (and for that matter, I would have to do research to find what snare format is)
you would probably be better off finding if the correlator supports some other format.
David Lang

