Split message, each new line '\n' with syslog header

#1 RAZR

Hello guys, please help to split MESSAGE to separate events with syslog_bsd headers.

config example:

<Extension csv_parser>
    Module      xm_csv
    Fields      DisplayName, EmailAddress, Department, Title, Description, SamAccountName,EmployeeNumber,PasswordLastSet,LastLogonDate,enabled
    FieldTypes  string,string,string,string,string,string,string,string,string,string
</Extension>

        Exec    $msg1 = ($SamAccountName + " | -DisplayName | " + $DisplayName); 
        Exec    $msg2 = ($SamAccountName + " | -EmailAddress | " + $EmailAddress);
        Exec    $msg3 = ($SamAccountName + " | -Department | " + $Department);
        Exec    $msg4 = ($SamAccountName + " | -Title | " + $Title);
        Exec    $msg5 = ($SamAccountName + " | -Description | " + $Description);
        Exec    $msg6 = ($SamAccountName + " | -SamAccountName | " + $SamAccountName);
        Exec    $msg7 = ($SamAccountName + " | -EmployeeNumber | " + $EmployeeNumber);
        Exec    $msg8 = ($SamAccountName + " | -PasswordLastSet | " + $PasswordLastSet);
        Exec    $msg9 = ($SamAccountName + " | -LastLogonDate | " + $LastLogonDate);
        Exec    $msg10 = ($SamAccountName + " | -enabled | " + $enabled);   
        Exec    $raw_event = $msg1 + "\n" + $msg2 + "\n" + $msg3 + "\n" + $msg4 + "\n" + $msg5 + "\n" + $msg6 + "\n" + $msg7 + "\n" + $msg8 + "\n" + $msg9 + "\n" + $msg10 + "\n";

So the output is like:

Administrator | -DisplayName | 
Administrator | -EmailAddress | admin@gmail.com
Administrator | -Department | 
Administrator | -Title | 
Administrator | -Description | Built-in account for administering the computer/domain
Administrator | -SamAccountName | Administrator
Administrator | -EmployeeNumber | 
Administrator | -PasswordLastSet | 2/21/2019 1:57:37 PM
Administrator | -LastLogonDate | 2/21/2019 2:08:51 PM
Administrator | -enabled | True

How to add syslog header <PRI>TIMESTAMP HOSTNAME TAG[PID]: before each line and send to syslog as separate messages?

If I use to_syslog_bsd(); the lines merge into one event

#2 Zhengshi Nxlog ✓

Hello,

Currently this is not possible in an easy to configure setup and workarounds are a bit clunky. The feature is scheduled for a future version of NXLog EE though.

Please see the following post for some suggestions:
https://nxlog.co/question/4524/splitting-long-log-messages
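
One workaround outside NXLog, as an added example that is not part of the original thread and not NXLog's own code: a Python pre-processor that builds one RFC 3164 message per CSV field and sends each in its own UDP datagram. The tag `adusers`, the collector address and the sample row are assumptions; control characters in values are replaced so an embedded newline (for instance in Description) cannot turn into an extra event.

```python
import csv
import io
import socket
from datetime import datetime

# Field order copied from the xm_csv Fields directive in the question.
FIELDS = ["DisplayName", "EmailAddress", "Department", "Title", "Description",
          "SamAccountName", "EmployeeNumber", "PasswordLastSet", "LastLogonDate", "enabled"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
# Constructed sample row matching the output shown in the question.
SAMPLE = (',admin@gmail.com,,,"Built-in account for administering the computer/domain",'
          'Administrator,,2/21/2019 1:57:37 PM,2/21/2019 2:08:51 PM,True')

def bsd_header(when, host, tag, pid, facility=1, severity=6):
    """Build '<PRI>TIMESTAMP HOSTNAME TAG[PID]: ' (RFC 3164); PRI = facility * 8 + severity."""
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = "%s %2d %s" % (MONTHS[when.month - 1], when.day, when.strftime("%H:%M:%S"))
    return "<%d>%s %s %s[%d]: " % (facility * 8 + severity, stamp, host, tag, pid)

def one_line(value):
    """Replace CR/LF and other non-printable characters with spaces."""
    return "".join(c if c.isprintable() else " " for c in value).strip()

def row_to_events(csv_line, when, host, tag="adusers", pid=0):
    """Return one complete BSD syslog message per CSV field (tag 'adusers' is an assumption)."""
    row = next(csv.reader(io.StringIO(csv_line), skipinitialspace=True))
    rec = dict(zip(FIELDS, row))
    head = bsd_header(when, host, tag, pid)
    account = one_line(rec.get("SamAccountName", ""))
    return ["%s%s | -%s | %s" % (head, account, f, one_line(rec.get(f, ""))) for f in FIELDS]

def send_udp(events, addr=("127.0.0.1", 514)):
    """Send each event in its own datagram (collector address is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for event in events:
            sock.sendto(event.encode("utf-8"), addr)

if __name__ == "__main__":
    for line in row_to_events(SAMPLE, datetime.now(), socket.gethostname()):
        print(line)
```

Building the events from the parsed fields, rather than joining them with "\n" and splitting again, is what keeps a newline inside a field value from being read as an event boundary.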