Hello: I have a week trying to replace the default TAB delimiter for comma, so far I got this: Module xm_syslog Delimiter , Module im_msvistalog Module om_tcp Host 192.168.1.2 Port 514 Exec to_syslog_snare(); Path in => out I also try changing , for 0x2C Sadly doesn't work, all I can see is the delimiter change for a extrange character . I'm using the latest community version. I really hope that someone help me with a clear answer.

I don't think Delimiter is a valid configuration option for xm_syslog. As suggested before there is a SnareDelimiter configuration option supported by the NXLog EE.

Alternatively you can use the following with the NXLog CE to manually replace the tabs:

Exec to_syslog_snare(); $raw_event = replace($raw_event, "\t", ';');