nxlog high-precision timestamps with timezone UTC offset information


#1 tfarley@sevone.com

How can nxlog for Windows be configured to send timestamps in the high-precision forwarding format?

Similar to the RSYSLOG_ForwardFormat high-precision timestamps including year with timezone UTC offset information.

For example:

2017-08-22T18:36:28.568230+00:00

It is currently just being sent with ONLY Mon day hour:min:sec:

<14>Aug 22 15:16:46 Win7Prox64 MSWinEventLog 1 System 2 Tue Aug 22 15:16:46 2017 7036 Service Control Manager N/A N/A Information Win7Prox64 N/A The nxlog service entered the running state. 170362

Thanks!

#2 b0ti Nxlog ✓

The above format is BSD Syslog (RFC3164). Using a different timestamp there would break the format, which could result in some devices refusing to accept/parse the log.

I suggest going with to_syslog_ietf() which generates the timestamp you need.

Otherwise, if you still insist on using the BSD syslog, you can construct it manually with something like this:

Exec $raw_event = '<14>' + strftime($EventTime, 'YYYY-MM-DDThh:mm:ss.sUTC') + ' ' + $Hostname + ' ' + $Message;

Note that the 'YYYY-MM-DDThh:mm:ss.sUTC' format string and the DateFormat configuration option that supports this are EE only for now.
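
To illustrate why the header format matters on the receiving side, here is an added example (not code from the thread's posters or from NXLog) that normalizes a syslog header timestamp to UTC. The function name, the `assumed_year` and `assumed_tz` parameters, and the RFC 5424 sample line are constructed for this illustration; the BSD sample is the message quoted in the question.

```python
import re
from datetime import datetime, timedelta, timezone

# BSD_LINE is the message quoted in the question; IETF_LINE is a constructed
# RFC 5424 message that carries the timestamp the question asks for.
BSD_LINE = ("<14>Aug 22 15:16:46 Win7Prox64 MSWinEventLog 1 System 2 "
            "Tue Aug 22 15:16:46 2017 7036 Service Control Manager N/A N/A "
            "Information Win7Prox64 N/A The nxlog service entered the running state. 170362")
IETF_LINE = ("<14>1 2017-08-22T18:36:28.568230+00:00 Win7Prox64 nxlog - - - "
             "The nxlog service entered the running state.")

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
RFC5424_HDR = re.compile(r"^<\d{1,3}>1 (\S+) ")
RFC3164_HDR = re.compile(r"^<\d{1,3}>([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) ")


def header_time_utc(line, assumed_year, assumed_tz):
    """Return (UTC datetime, guessed) for the syslog header timestamp.

    guessed is True when the year and UTC offset had to come from the
    caller's assumptions because the header does not carry them.
    """
    m = RFC5424_HDR.match(line)
    if m:
        # Year, sub-second precision and offset are all in the message itself.
        stamp = m.group(1).replace("Z", "+00:00")
        return datetime.fromisoformat(stamp).astimezone(timezone.utc), False
    m = RFC3164_HDR.match(line)
    if m:
        # RFC 3164 headers have no year and no offset: the receiver must guess.
        month = MONTHS.index(m.group(1)) + 1
        day, hh, mm, ss = (int(g) for g in m.groups()[1:])
        local = datetime(assumed_year, month, day, hh, mm, ss, tzinfo=assumed_tz)
        return local.astimezone(timezone.utc), True
    raise ValueError("no RFC 3164 or RFC 5424 header found")


if __name__ == "__main__":
    for tz in (timezone.utc, timezone(timedelta(hours=-4))):
        print("BSD, sender assumed at", tz, "->", header_time_utc(BSD_LINE, 2017, tz))
    print("IETF ->", header_time_utc(IETF_LINE, 1970, timezone.utc))
```

The same BSD line lands four hours apart depending on which offset the receiver assumes for the sender, while the RFC 5424 line resolves to one instant regardless of the assumptions passed in.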