Can't get Windows Event logs to send to Syslog server with new lines intact
I have to retain the new lines in a syslog. I'm using NXLog to send logs from my laptop to a test syslog server. I'm currently using the following:
<Extension _syslog>
    Module      xm_syslog
</Extension>
<Input in>
    Module      im_msvistalog
    Exec        to_syslog_ietf();
</Input>
<Processor rewrite>
    Module      pm_null
    Exec        $Message = $EventID + "|" + $EventType + "|" + $Hostname + "|" + $SourceName + "|" + $AccountName + "|" + $AccountType + "|" + $Domain + "|" + $UserID + "|" + $raw_event;
</Processor>
<Output out>
    Module      om_udp
    Host        192.168.100.33
    Port        514
    #Exec        to_syslog_bsd();
</Output>
<Route 1>
    Path        in => rewrite => out
</Route>
The way I can get the logs to send with the \r\n intact is to remove the Exec to_syslog_snare(), but then I lose all the other details about the log, such as event ID etc. So I thought, OK, I'll construct my own by using Exec $Message = all the data fields I want... this doesn't work... so then I started playing with to_syslog_ietf() and to_syslog_bsd(), and they both strip out new lines.
What am I doing wrong?
Linebreaks in syslog cause problems with TCP transport and are removed. We are planning to make this configurable.
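Why line breaks collide with TCP transport, as an added example that is not part of the original thread and not NXLog code: syslog over TCP is commonly delimited by LF (the non-transparent framing described in RFC 6587), so an event with embedded CRLF is split into several records, while octet counting from the same RFC, or escaping before sending, keeps it whole. The sample events, the function names and the backslash escaping scheme are assumptions made for illustration.

```python
import re

# Constructed sample events (not real log data); the first message body contains CRLF.
EVENT = ("<14>1 2024-01-01T00:00:00Z host1 Security - 4624 - "
         "An account was successfully logged on.\r\nSubject:\r\n\tAccount Name: alice")
NEXT = "<14>1 2024-01-01T00:00:01Z host1 Security - 4634 - An account was logged off."

def frame_newline(msgs):
    """Non-transparent framing: every message is terminated by LF."""
    return b"".join(m.encode() + b"\n" for m in msgs)

def parse_newline(stream):
    """LF-delimited receiver: an embedded LF is indistinguishable from a delimiter."""
    return [p.decode() for p in stream.split(b"\n") if p]

def frame_octet_count(msgs):
    """Octet counting: 'LEN SP MSG', where LEN is the byte length of MSG."""
    return b"".join(b"%d %s" % (len(m.encode()), m.encode()) for m in msgs)

def parse_octet_count(stream):
    """Length-prefixed receiver: message bytes are taken verbatim, line breaks included."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        length = int(stream[pos:sp])
        end = sp + 1 + length
        if end > len(stream):
            raise ValueError("truncated frame")
        msgs.append(stream[sp + 1:end].decode())
        pos = end
    return msgs

_UNESC = {"r": "\r", "n": "\n", "\\": "\\"}

def escape_linebreaks(msg):
    """Sender side: turn CR/LF into literal \\r and \\n so the event stays on one line."""
    return msg.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")

def unescape_linebreaks(msg):
    """Receiver side: exact inverse of escape_linebreaks."""
    return re.sub(r"\\([rn\\])", lambda m: _UNESC[m.group(1)], msg)

if __name__ == "__main__":
    print(len(parse_newline(frame_newline([EVENT, NEXT]))), "records from 2 events (LF framing)")
    print(len(parse_octet_count(frame_octet_count([EVENT, NEXT]))), "records (octet counting)")
    safe = [escape_linebreaks(EVENT), NEXT]
    print(len(parse_newline(frame_newline(safe))), "records (escaped, LF framing)")
```

The fragments produced by the LF-delimited receiver no longer carry a syslog header, which is why a collector either drops them or stores them as separate malformed records.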
