Collecting Meditech logs


#1 farrisk01

Greetings All,

I'm attempting to collect logs from a Meditech server and having a bit of an issue getting the conf file working. Nxlog.log does not show an error, but the conf is not writing to the output file.

A typical log that will need to be parsed looks something like this (there is inconsistent spacing in the log):

[2024-06-020T04:03:52.593Z      maintenance  3  10152                -                                    -    Info] Beginning maintenance cycle...

And I'm attempting to parse and send it to a file with this:

#
# Configuration for converting and sending MediTech Logs
#

#Configure Root
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#Load Modules
<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input internal>
    Module im_internal
</Input>

#######################################################################
# MediTech
#######################################################################

# Define the input source: MediTech logs
<Input MEDITECH_IN>
    Module im_file
    File "C:\MediTech\s1.log"

    <Exec>
    if $raw_event =~ /(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\]\s+(.*)$/
    {
      $raw_event = "Time: " + $EventTime + "," + "C1: " + $2 + "," + "C2: " + $3 + "," + "C3: " + $4 + "," + "C4: " + $5 + "," + "C5: " + $6 + "," + "C6: " + $7;
    }
    </Exec>
</Input>

# Define the output destination: forwarding to a central syslog server
<Output MEDITECH_OUT>
    Module om_file
    File "C:\MediTech\s1_exec_out.txt"
    Exec $Message = $raw_event;
</Output>

<Route MEDITECH>
    Path MEDITECH_IN => MEDITECH_OUT
</Route>

Also, if I'm way off base with the parsing method please let me know.

Any assistance would be appreciated.
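
An offline check of the posted pattern against the sample line, as an added example that is not part of the original post: Python's `re` accepts the same pattern, and the script rebuilds the record the Exec block assembles, taking the timestamp from capture group 1 (an assumption about the intent, since the pattern's captures land in `$1` to `$8` and never set `$EventTime`). `parse_line`, `render` and `convert` are names made up for this sketch.

```python
import re

# The pattern from the posted Exec block, unchanged. It is unanchored, so the
# leading "[" of the line ends up inside capture group 1.
POSTED = re.compile(
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\]\s+(.*)$"
)

# Sample line copied from the post, timestamp kept exactly as posted.
SAMPLE = ("[2024-06-020T04:03:52.593Z      maintenance  3  10152"
          "                -                                    -"
          "    Info] Beginning maintenance cycle...")


def parse_line(line):
    """Return the eight captures as a list, or None if the line does not match."""
    m = POSTED.search(line.rstrip("\r\n"))
    if m is None:
        return None
    fields = list(m.groups())
    fields[0] = fields[0].lstrip("[")  # drop the bracket swallowed by group 1
    return fields


def render(fields):
    """Build the 'Time: ...,C1: ...' record the Exec block assembles."""
    parts = ["Time: " + fields[0]]  # assumption: group 1 stands in for $EventTime
    parts += ["C%d: %s" % (i, v) for i, v in enumerate(fields[1:7], start=1)]
    return ",".join(parts)


def convert(lines):
    """Split input into rendered records and lines the pattern rejected."""
    records, rejected = [], []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            rejected.append(line)  # e.g. continuation lines with no header
        else:
            records.append(render(fields))
    return records, rejected


if __name__ == "__main__":
    # Second line is constructed: a header with fewer than seven columns.
    ok, bad = convert([SAMPLE, "[2024-06-20T04:03:53.000Z maintenance Info] short"])
    print(ok)
    print(bad)
```

Because the sample line matches and all seven header columns come out, the inconsistent spacing is handled by `\s+`; lines with a different column count are the ones that fall into `rejected`.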