Sending Syslogs to 2 syslog collectors

mcerone

Hello,

I'm trying to send Windows events to two different syslog servers.

I have two output modules and one route. I see syslog packets getting sent to both collectors, but the packets are not coming in the correct format.

The configuration looks like:

LogLevel INFO
Logfile %LOGDIR%/nxlog.log

<Extension agent_managment>
    Module          xm_soapadmin
    Connect         10.x.x.n
    Port            4041
    SocketType      SSL
    CAFile          %CERTDIR%/agent-ca.pem
    AllowUntrusted  FALSE
    RequireCert     TRUE
    <ACL conf>
        Directory   %CONFDIR%
        AllowRead   TRUE
        AllowWrite  TRUE
    </ACL>
    <ACL cert>
        Directory   %CERTDIR%
        AllowRead   TRUE
        AllowWrite  TRUE
    </ACL>
</Extension>

<Extension Extension_json>
    Module          xm_json
</Extension>

<Input eventlog>
    Module          im_msvistalog
    SavePos         TRUE
    ReadFromLast    TRUE
    Exec            if ($EventID == 5156) drop();
</Input>

<Input internal_mod>
    Module          im_internal
</Input>

<Output out>
    Module          om_tcp
    Host            10.x.x.a
    Port            514
    OutputType      LineBased
    <Exec>
        $Hostname = string(host_ip());
        to_syslog_ietf();
        parse_syslog();
        $Message = '@cee: ' + to_json();
        to_syslog_bsd();
    </Exec>
</Output>

<Output outlcp>
    Module          om_udp
    Host            10.x.x.b
    Port            514
    OutputType      Dgram
    Exec            $Hostname = string(host_ip());
    Exec            to_syslog_snare();
</Output>

<Route Syslog_lcp>
    Priority        1
    Path            eventlog, internal_mod => outlcp, out
</Route>