nxlog does not seem to send Microsoft DNS logs properly to syslog


#1 hybrid

Does anyone have nxlog usefully sending Microsoft DNS logs?

I have logging turned on, and I have tried with and without the details option checked.
Using it without the details is probably enough for us right now, as it shows the source and the requested URL.

However, when sent to syslog, only a blank line is sent.

The file output looks like below. The issue may be the space between each line?

8/12/2016 12:58:43 PM 0AE0 PACKET  000000F7524D7120 UDP Rcv x.x.x.x     5a68   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)

8/12/2016 12:58:47 PM 0AE0 PACKET  000000F75221C070 UDP Rcv x.x.x.x     5a68   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)

Any ideas?

#2 b0ti Nxlog ✓

You can get rid of the blank lines with this:

Exec if $raw_event =~ /^\s*$/ drop();
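An added illustration, not part of the thread or of nxlog: a small Python parser for the PACKET lines posted above. It skips the blank spacer lines (the same effect as the drop() rule) and decodes the length-prefixed name into dotted form; the third sample line, a response in the same layout, and the regex field names are assumptions.

```python
"""Parser for Microsoft DNS debug log packet lines in the format shown in the post."""
import re

# Constructed sample: the two query lines from the post, a response line in the
# same layout (assumed), and the blank spacer lines the DNS server writes between
# records, which are what arrive in syslog as empty messages.
SAMPLE_LOG = """\
8/12/2016 12:58:43 PM 0AE0 PACKET  000000F7524D7120 UDP Rcv x.x.x.x     5a68   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)

8/12/2016 12:58:47 PM 0AE0 PACKET  000000F75221C070 UDP Rcv x.x.x.x     5a68   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)

8/12/2016 12:58:47 PM 0AE0 PACKET  000000F75221C070 UDP Snd x.x.x.x     5a68 R Q [8081   DR  NXDOMAIN] A      (3)bad(7)example(0)
"""

# Fields: timestamp, thread id, packet address, protocol, direction, remote IP,
# XID, optional 'R' for responses, opcode letter, [flags rcode], qtype, name.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+ [AP]M) (?P<tid>[0-9A-F]+) PACKET\s+"
    r"(?P<pkt>[0-9A-F]+) (?P<proto>UDP|TCP) (?P<dir>Rcv|Snd) (?P<remote>\S+)\s+"
    r"(?P<xid>[0-9a-f]{4})\s+(?P<resp>R)?\s*(?P<opcode>[QNU]) "
    r"\[(?P<flags>[0-9a-f]{4})\s+(?:(?P<fchars>[A-Z]+)\s+)?(?P<rcode>[A-Z]+)\] "
    r"(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)

def decode_name(wire: str) -> str:
    """Turn '(5)ctldl(13)windowsupdate(3)com(0)' into 'ctldl.windowsupdate.com'."""
    labels = []
    for length, label in re.findall(r"\((\d+)\)([^(]*)", wire):
        if int(length) != len(label):  # the (n) prefix is the label length
            raise ValueError(f"label length mismatch in {wire!r}")
        if label:
            labels.append(label)
    return ".".join(labels) or "."

def parse_records(text: str):
    """Return (records, unparsed). Blank lines are skipped, which is what the
    nxlog drop() rule in the answer does before the event is forwarded."""
    records, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # e.g. the log file's header text
            continue
        rec = m.groupdict()
        rec["is_response"] = rec.pop("resp") == "R"
        rec["qname"] = decode_name(rec["qname"])
        records.append(rec)
    return records, unparsed
```

The timestamp carries no timezone and uses the server's locale date format, so normalise it before the records reach a SIEM.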