Windows event log formatting issues

Greenwich Mean Time (Daniel)

Hi, I have a bit of an unconventional setup where I collect Windows logs on one server and then send these logs to another NXLog server via om_tcp, with the outputType GELF_TCP. From this second NXLog server, I then forward the logs to a Graylog server using om_udp and outputType GELF_UDP. But the problem is that Graylog seems to receive one message for each row in the Windows log full message. If I instead forward directly from NXLog to Graylog without the second NXLog server in between, they arrive in the correct format. But I really need the other setup to work. Is there something I need to consider when it comes to formatting when first forwarding the logs to a second NXLog server and then to the Graylog server from there?