Split message, each new line '\n' with syslog header

Tags:

#1 RAZR
Hello guys, please help to split MESSAGE to seperate events with syslog_bsd headers. config example: ``` Module xm_csv Fields DisplayName, EmailAddress, Department, Title, Description, SamAccountName,EmployeeNumber,PasswordLastSet,LastLogonDate,enabled FieldTypes string,string,string,string,string,string,string,string,string,string Exec $msg1 = ($SamAccountName + " | -DisplayName | " + $DisplayName); Exec $msg2 = ($SamAccountName + " | -EmailAddress | " + $EmailAddress); Exec $msg3 = ($SamAccountName + " | -Department | " + $Department); Exec $msg4 = ($SamAccountName + " | -Title | " + $Title); Exec $msg5 = ($SamAccountName + " | -Description | " + $Description); Exec $msg6 = ($SamAccountName + " | -SamAccountName | " + $SamAccountName); Exec $msg7 = ($SamAccountName + " | -EmployeeNumber | " + $EmployeeNumber); Exec $msg8 = ($SamAccountName + " | -PasswordLastSet | " + $PasswordLastSet); Exec $msg9 = ($SamAccountName + " | -LastLogonDate | " + $LastLogonDate); Exec $msg10 = ($SamAccountName + " | -enabled | " + $enabled); Exec $raw_event = $msg1 + "\n" + $msg2 + "\n" + $msg3 + "\n" + $msg4 + "\n" + $msg5 + "\n" + $msg6 + "\n" + $msg7 + "\n" + $msg8 + "\n" + $msg9 + "\n" + $msg10 + "\n"; ``` So the ouput like: ``` Administrator | -DisplayName | Administrator | -EmailAddress | admin@gmail.com Administrator | -Department | Administrator | -Title | Administrator | -Description | Built-in account for administering the computer/domain Administrator | -SamAccountName | Administrator Administrator | -EmployeeNumber | Administrator | -PasswordLastSet | 2/21/2019 1:57:37 PM Administrator | -LastLogonDate | 2/21/2019 2:08:51 PM Administrator | -enabled | True ``` How to add syslog header TIMESTAMP HOSTNAME TAG[PID]: before each line and send to syslog as seperate messages? If I use to_syslog_bsd(); lines merges into one event
#2 Zhengshi Nxlog ✓
#1 RAZR
Hello guys, please help to split MESSAGE to seperate events with syslog_bsd headers. config example: <Extension csv_parser> Module xm_csv Fields DisplayName, EmailAddress, Department, Title, Description, SamAccountName,EmployeeNumber,PasswordLastSet,LastLogonDate,enabled FieldTypes string,string,string,string,string,string,string,string,string,string </Extension> Exec $msg1 = ($SamAccountName + " | -DisplayName | " + $DisplayName); Exec $msg2 = ($SamAccountName + " | -EmailAddress | " + $EmailAddress); Exec $msg3 = ($SamAccountName + " | -Department | " + $Department); Exec $msg4 = ($SamAccountName + " | -Title | " + $Title); Exec $msg5 = ($SamAccountName + " | -Description | " + $Description); Exec $msg6 = ($SamAccountName + " | -SamAccountName | " + $SamAccountName); Exec $msg7 = ($SamAccountName + " | -EmployeeNumber | " + $EmployeeNumber); Exec $msg8 = ($SamAccountName + " | -PasswordLastSet | " + $PasswordLastSet); Exec $msg9 = ($SamAccountName + " | -LastLogonDate | " + $LastLogonDate); Exec $msg10 = ($SamAccountName + " | -enabled | " + $enabled); Exec $raw_event = $msg1 + "\n" + $msg2 + "\n" + $msg3 + "\n" + $msg4 + "\n" + $msg5 + "\n" + $msg6 + "\n" + $msg7 + "\n" + $msg8 + "\n" + $msg9 + "\n" + $msg10 + "\n"; So the ouput like: Administrator | -DisplayName | Administrator | -EmailAddress | admin@gmail.com Administrator | -Department | Administrator | -Title | Administrator | -Description | Built-in account for administering the computer/domain Administrator | -SamAccountName | Administrator Administrator | -EmployeeNumber | Administrator | -PasswordLastSet | 2/21/2019 1:57:37 PM Administrator | -LastLogonDate | 2/21/2019 2:08:51 PM Administrator | -enabled | True How to add syslog header <PRI>TIMESTAMP HOSTNAME TAG[PID]: before each line and send to syslog as seperate messages? If I use to_syslog_bsd(); lines merges into one event

Hello,

Currently this is not possible in an easy to configure setup and workarounds are a bit clunky. The feature is scheduled for a future version of NXLog EE though.

Please see the following post for some suggestions :
https://nxlog.co/question/4524/splitting-long-log-messages