Nxlog Multiline Input to 1 Syslog Message
#1 dnhphuc

Hi all,
I'm using nxlog to send the CAS audit log to our syslog server. Each entry in the text file looks similar to the one below:
2019-08-28 14:33:58,959 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: user1
WHAT: ST-65-eMcuA7IeZWYUYPldhgaT-11 for https://test.com.vn/news/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Aug 28 14:33:58 ICT 2019
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: x.x.x.x
=============================================================
I want to combine these multiple lines to 1 line and I've read some of the documentation on nxlog's website regarding multiline but haven't found a specific config to put them all in 1 entry with a syslog header. Is there any solution for nxlog conf to work with this kind of multiline message? Thanks
                
                                    

#2 JacobY

To replace newlines, tabs and carriage returns with blanks, try adding this to the Output section:
    Exec $Message = replace($Message, "\t", " "); $Message = replace($Message, "\n", " "); $Message = replace($Message, "\r", " ");
Or if you want to apply it to the raw log, you can also try this in the Output section instead:
    Exec $raw_event = replace($raw_event, "\r", " ");
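
One way to configure what the thread asks for, as an added example that is not from either poster: xm_multiline groups each audit record by its timestamped header line, and the line breaks are flattened before to_syslog_bsd() adds the syslog header. The instance names, file path and server address are assumptions.

```conf
# Added example, not from the thread. Instance names, the file path and
# the syslog server address are placeholders (assumptions).

<Extension syslog>
    Module      xm_syslog
</Extension>

# A record starts at the timestamped line ("... Audit trail record BEGIN").
# EndLine is deliberately not set: the "=====" separator occurs twice in
# every record, so matching on it would cut the record after its first line.
# Matching on the timestamp prefix (rather than on "BEGIN") keeps ordinary
# single-line CAS log entries in the same file from being glued onto the
# previous audit record.
<Extension cas_audit>
    Module      xm_multiline
    HeaderLine  /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} /
</Extension>

<Input cas_in>
    Module      im_file
    # Placeholder path
    File        "/path/to/cas_audit.log"
    InputType   cas_audit
</Input>

# The whole multi-line record arrives in $raw_event. Flatten it into
# $Message, then let xm_syslog build the BSD syslog header around it.
<Output syslog_out>
    Module      om_udp
    # Placeholder address (documentation range)
    Host        192.0.2.10
    Port        514
    Exec  $Message = replace($raw_event, "\r", ""); \
          $Message = replace($Message, "\n", " "); \
          $Message = replace($Message, "\t", " "); \
          to_syslog_bsd();
</Output>

<Route cas_to_syslog>
    Path        cas_in => syslog_out
</Route>
```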
