Can't get Windows Event logs to send to Syslog server with new lines intact
I have to retain the new lines in a syslog. I'm using NXLog to send logs from my laptop to a test syslog server. I'm currently using the following:
<Extension _syslog>
    Module xm_syslog
</Extension>
<Input in>
    Module im_msvistalog
    Exec to_syslog_ietf();
</Input>
<Processor rewrite>
    Module pm_null
    Exec $Message = $EventID + "|" + $EventType + "|" + $Hostname + "|" + $SourceName + "|" + $AccountName + "|" + $AccountType + "|" + $Domain + "|" + $UserID + "|" + $raw_event;
</Processor>
<Output out>
    Module om_udp
    Host 192.168.100.33
    Port 514
    #Exec to_syslog_bsd();
</Output>
<Route 1>
    Path in => rewrite => out
</Route>
The only way I can get the logs to send with the \r\n intact is to remove the Exec to_syslog_snare(), but then I lose all the other details about the log, such as event ID, etc. So I thought, OK, I'll construct my own by using Exec $Message = all the data fields I want... this doesn't work... so then I started playing with to_syslog_ietf() and to_syslog_bsd(), and they both strip out new lines.
What am I doing wrong?
Linebreaks in syslog cause problems with TCP transport and are removed. We are planning to make this configurable.
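Why embedded line breaks are a problem on a TCP syslog stream, as an added example (not part of the original thread and not NXLog code): with the newline-delimited framing described in RFC 6587 a receiver cannot tell a line break inside a message from the end of the message, while octet-counting framing or escaping the line breaks keeps the event in one record. The sample event text and all function names are constructed for illustration.

```python
# Added illustration, not NXLog code. EVENT is a constructed sample of a
# multi-line Windows event rendered as one syslog message.
EVENT = ("<14>1 2024-01-01T00:00:00Z host app - - - "
         "An account was logged on.\r\nSubject:\r\n\tAccount Name: alice")

def frame_lf(messages):
    """Non-transparent framing (RFC 6587): every message ends with LF."""
    return b"".join(m.encode() + b"\n" for m in messages)

def parse_lf(stream):
    """Receiver side of LF framing: each LF is taken as end of message."""
    return [part.decode() for part in stream.split(b"\n") if part]

def frame_octet(messages):
    """Octet-counting framing (RFC 6587): '<length> <message>'."""
    out = b""
    for m in messages:
        data = m.encode()
        out += str(len(data)).encode() + b" " + data
    return out

def parse_octet(stream):
    """Receiver side of octet counting: read the length, then that many bytes."""
    messages, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)       # ValueError if the frame is malformed
        length = int(stream[pos:sp])
        start, end = sp + 1, sp + 1 + length
        if end > len(stream):
            raise ValueError("truncated frame")
        messages.append(stream[start:end].decode())
        pos = end
    return messages

def escape_newlines(msg):
    """Sender-side workaround: turn CR/LF into the visible sequences \\r and \\n."""
    return msg.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")

if __name__ == "__main__":
    # One event becomes three records when the receiver splits on LF.
    print(len(parse_lf(frame_lf([EVENT]))))
    # Octet counting returns both events intact, line breaks included.
    print(parse_octet(frame_octet([EVENT, EVENT])) == [EVENT, EVENT])
    # Escaped line breaks survive LF framing as a single record.
    print(len(parse_lf(frame_lf([escape_newlines(EVENT)]))))
```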