Hey Guys, we are trying to send out our Windows DHCP logs which requires us to massage the log before we can send it out to the remote server. Afraid I am not able to get the CSV Parser running, so far only the drop logic works, the intended output $Message does not come up in our output ` Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf\nxlog.d define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data Module xm_syslog Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32, UCS-2LE Module xm_csv Fields ID, Date, Time, Description, IPAddress, Hostname, MACAddress, \ UserName, TransactionID, QResult, ProbationTime, CorrelationID, \ DHCID, VendorClassHex, VendorClassASCII, UserClassHex, \ UserClassASCII, RelayAgentInformation, DnsRegError Module xm_exec Module im_file File "C:\Windows\System32\dhcp\DhcpSrvLog-*.log" ReadFromLast TRUE SavePos TRUE # Only process lines that begin with an event ID if $raw_event =~ /^\d+,/ { dhcp_csv_parser->parse_csv(); $QResult = integer($QResult); if $QResult == 0 $QMessage = "NoQuarantine"; else if $QResult == 1 $QMessage = "Quarantine"; else if $QResult == 2 $QMessage = "Drop Packet"; else if $QResult == 3 $QMessage = "Probation"; else if $QResult == 6 $QMessage = "No Quarantine Information"; $EventTime = strptime($Date + ' ' + $Time, '%m/%d/%y %H:%M:%S'); $ID = integer($ID); $ColonMAC = $MACAddress; if $ColonMAC =~ /^([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$/ { $ColonMAC = $1 + ":" + $2 + ":" + $3 + ":" + $4 + ":" + $5 + ":" + $6; } # DHCP Event IDs if $ID == 0 $Message = "The log was started."; else if $ID == 1 $Message = "The log was stopped."; else if $ID == 2 $Message = "The log was temporarily paused due to low disk space."; else if ($ID >= 10 and $ID = 20 and $ID = 50 and $ID < 1000) $Message = "Codes above 50 are used for Rogue Server Detection " + "information."; else drop(); } Module om_udp Host 172.16.10.42 Port 514 OutputType LineBased Path ionnet_DHCPlogs => out_ionnet_datacollector2 ` Input 30,04/05/22,16:04:58,DNS Update Request,10.41.22.51,P21023LAB.HEALTH.LOCAL,,,0,6,,,,,,,,,0 11,04/05/22,16:04:58,Renew,10.41.22.51,P2103LAB.HEALTH.LOCAL,98EECBDE1CDE,,179078305,0,,,,0x4D53465420352E30,MSFT 5.0,,,,0 32,04/05/22,16:04:58,DNS Update Successful,10.41.22.51,P2103LAB.HEALTH.LOCAL,,,0,6,,,,,,,,,0 Output 11,04/05/22,16:04:58,Renew,10.41.22.51,P2103LAB.HEALTH.LOCAL,98EECBDE1CDE,,179078305,0,,,,0x4D53465420352E30,MSFT 5.0,,,,0