Insert custom text into log (raw event) | Log collection solutions

#1 MAXIMUSLOLOL 7 months ago (Last updated 7 months ago )

Hi,

I am trying to insert a custom, static text into the raw event (so that the output has the custom text + the log). However, it refuses to work. The log output is the same whether I add or remove my exec $raw_event

My config input and output look like this:



 <Input in>
     Module      im_msvistalog
   <QueryXML>
      <QueryList>
         <Query Id='0'>
            <Select Path='System'>*</Select>
            <Select Path='Application'>*</Select>
            <Select Path='Security'>*</Select>
         </Query>
      </QueryList>
   </QueryXML>
	 Exec $raw_event = "STATIC CONTENT" + $raw_event;

 </Input>
 


 <Output out>
     Module      om_udp
     Host        XX.XX.XX.XX
     Port        514
     Exec        to_syslog_snare();
 </Output>


 <Route 1>
     Path        in => out
 </Route>

Logs:

2025-02-12 11:09:20 INFO nxlog-ce-3.2.2329 started

Permalink

#2 MAXIMUSLOLOL 7 months ago

Found the issue.

This:

Exec $raw_event = "STATIC CONTENT" + $raw_event;

Should be placed under the convertion to syslog.

Exec        to_syslog_snare();