Hi,
I've want to include nxlog to send all Windows logs to syslog plus Microsoft-Windows-Windows Defender/Operational, however as "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" doesn't seem to include "Microsoft-Windows-Windows Defender" it doesn't read that config in at start and send those Windows Defender logs.
I am trying to reduce the size of the message sent from my Windows event logs to graylog and I cannot for the life of me figuring out how tell it to drop certain fields
The only thing I can figure out is that i'm supposed to use delete() but how to use and where to place it in my config is very frustrating.
I'm currently using nxlog to filter and forward syslog: Source => Filter Logs on intermediate server with nxlog installed => forward udp 514 (syslog).
Config looks like the following:
Hi All,
Needed help with parsing/modify. Would greatly appreciate some direction. At the moment, I am parsing a plain-test log-file and sending to a remote server:
Jun 19 16:29:28 server12345 [...]
Jun 19 16:29:28 server12345 ---
Jun 19 16:29:27 server12345 [program.state :3371]
The above is what I get with parsing. I was hoping to make every line transform like this
Hello - new to nxlog. Trying to end nxlog process when EOF reached on input file. Any help appreciated.
Thanks,
Andrew