Good Day, 

I installed nxlog to ready to ready my mssql errorlog file, and send it to graylog server, but for some reason the message is not coming complete,

here is my conf

I omitted the rest because it just the default configuration file 

<Extension charconv> 
   Module      xm_charconv
   AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32,UCS-2LE
</Extension> 

<Extension gelf>
   Module xm_gelf
</Extension>

<Input mssql_errorlog>
   Module      im_file
   File        "D:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Log\ERRORLOG"
</Input>

<Output graylog_udp>
   Module om_udp
   Host 10.0.1.208
   Port 12202
   OutputType    GELF_UDP
</Output>

<Route graylog_route_mssql_errorlog>
   Path mssql_errorlog => graylog_udp_204
</Route> 

This is the line in my ERRORLOG
 

2023-05-26 10:00:13.50 Logon       Login failed for user 'localnet\sqljobs'. Reason: Could not find a login matching the name provided. [CLIENT: <local machine>]
 

And this is the message i get in graylog

 

{
 "gl2_accounted_message_size": 242,
 "SourceModuleType": "im_file",
 "level": 6,
 "gl2_remote_ip": "10.0.1.239",
 "gl2_remote_port": 60459,
 "streams": [
   "000000000000000000000001"
 ],
 "gl2_message_id": "01H1C5R90HW9F49TPRA9XXQ93E",
 "source": "sql-dev",
 "message": "2\u00000\u00002\u00003\u0000-\u00000\u00005\u0000-\u00002\u00006\u0000 \u00001\u00000\u0000:\u00000\u00000\u0000:\u00001\u00003\u0000.\u00005\u00000\u0000 \u0000L\u0000o\u0000g\u0000o\u0000n",
 "gl2_source_input": "646f94d504777573d7d0c945",
 "EventReceivedTime": "2023-05-26 10:00:13",
 "SourceModuleName": "mssql_errorlog",
 "gl2_source_node": "332a47fa-bf25-4d8f-8e25-ce6dedb6a67a",
 "_id": "a2c1f101-fbcd-11ed-87a7-00505687667c",
 "timestamp": "2023-05-26T14:00:13.000Z"
}

 

And this is the result parsed by graylog

message : 2023-05-26 10:00:13.50 Logon

Any one has any idea what could be wrong?