Teamviewer connections in Syslog


#1 Chrisoutdoor

I have been trying to get NXLog to send Syslog entries from the Teamviewer "Connections_incoming.txt" log file. It is a tab-delimited file. I found this site, which supplied the basic code for the task: https://gist.github.com/idefux/949e84c8ec8d4db1775c, which I couldn't get working as expected. To cut a long story short, I have discovered that the $raw_event is often blank, so the Syslog entries do not contain the necessary information. I have tried to google this issue, but I have not been able to find the information to figure this one out. There have been times when $raw_event did contain the information required from the original log file, but it is not reliable. Can someone please give me some suggestions on how to get information into the $raw_event function?

On the positive side, I do get a reliable Syslog entry whenever someone accesses the computer through Teamviewer. Using the code below, I get the message "Teamviewer Login Event".

Below is my current configuration. The if-else statement is designed to be as simple as possible to try to fault-find the issue.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input in_teamviewer>
    Module im_file
    File 'c:\Program Files (x86)\TeamViewer\Connections_incoming.txt'
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 10
    <Exec>
        $Hostname = hostname();
        $SeverityValue = 5;
        $MessageSourceAddress = hostname();
        $SyslogFacilityValue = 4;
        $SourceName = 'TeamViewer';
        $EventTime = parsedate($5 + '-' + $4 + '-' + $3 + ' ' + $6);
        $user = $2;
        if ($raw_event == '')
            $Message = $raw_event + "Teamviewer Login Event";
        else
            $Message = $raw_event + '['+ file_name() + ']';
        to_syslog_bsd();
    </Exec>
</Input>

<Output out_syslog>
    Module om_udp
    Host localhost
    Port 514
</Output>

<Route 1>
    Path in_teamviewer => out_syslog
</Route>

#4 b0ti Nxlog ✓

$EventTime = parsedate($5 + '-' + $4 + '-' + $3 + ' ' + $6);

The above will only work if you use a regular expression match operation before doing this. See the user guide for more:
https://nxlog.co/documentation/nxlog-user-guide#regular-expressions-via-the-exec-directive
https://nxlog.co/documentation/nxlog-user-guide#lang_regexp

If you want to discard blank lines this can be easily done with the following:

if $raw_event =~ /^\s*$/ drop();
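
An added example, not part of b0ti's reply or the linked gist: the Input block from the question with the blank-line drop and a regular expression match placed before the captured groups are used. The field layout in the regular expression (numeric ID, display name, then a DD-MM-YYYY HH:MM:SS start time, tab-separated) is an assumption inferred from how the question uses $2 to $6, and $RemoteId is a hypothetical field name.

```nxlog
<Input in_teamviewer>
    Module im_file
    File 'c:\Program Files (x86)\TeamViewer\Connections_incoming.txt'
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 10
    <Exec>
        # Discard blank lines first so they never reach the output.
        if $raw_event =~ /^\s*$/ drop();

        # $1..$6 are only populated by a successful match.
        # Assumed layout: ID <tab> name <tab> DD-MM-YYYY HH:MM:SS <tab> ...
        if $raw_event =~ /^(\d+)\t([^\t]*)\t(\d{2})-(\d{2})-(\d{4}) (\d{2}:\d{2}:\d{2})\t/
        {
            # $RemoteId is a hypothetical field name chosen for this example.
            $RemoteId = $1;
            $user = $2;
            $EventTime = parsedate($5 + '-' + $4 + '-' + $3 + ' ' + $6);
            $Message = 'TeamViewer incoming connection: ' + $2 + ' (' + $1 + ')';
        }
        else
        {
            # Forward lines that do not match instead of silently losing them,
            # so a format change shows up in the collector.
            $Message = 'Unparsed TeamViewer line: ' + $raw_event;
        }

        $Hostname = hostname();
        $SeverityValue = 5;
        $SyslogFacilityValue = 4;
        $SourceName = 'TeamViewer';
        to_syslog_bsd();
    </Exec>
</Input>
```

Adjust the regular expression to the columns actually present in your copy of the file before relying on the parsed fields.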