1 answer

How to convert local time to UTC before sending logs to Logstash

I have the following output config:

<Output out>
    Module      om_tcp
    Host        10.36.52.62
    Port        12201
    Exec     $EventTime = strftime($EventTime, '%Y-%m-%d %H:%M:%S %Z'); \
                to_json();
</Output>

Which is sending the EventTime in the local time zone of the server. This is how it looks at the Logstash side:

Asked March 3, 2016 - 10:15am

1 answer

How to drop the incoming logs based on the severity

I am fairly new to nxlog. I am looking for help to complete my task. How do I drop log messages based on log level (severity)? The incoming log messages have different log levels (debug, info, warning, error, critical).
For example, if I set severity as warning, nxlog should drop info and debug log messages. Please provide some examples of nxlog.conf to make use of it.

Thanks for the help in advance.

Asked February 29, 2016 - 12:53pm

1 answer

Specific windows event 1102 not getting UserData

Hi,

We have the following configuration for event id 1102 (eventlog cleared):

<Input clearev>
    Module      im_msvistalog
    Query       <QueryList>\
                    <Query Id="3">\
                        <Select Path="Security">*[System[(EventID=1102)]]</Select>\
                    </Query>\
                </QueryList>
    Exec        delete($Message);

Asked February 29, 2016 - 10:45am

0 answers

Log on papertrailapp from Windows 10

I have changed the conf file like said in the papertrailapp but I don't receive any log from Windows 10. I have stopped and started the service but nothing is received.

Asked February 28, 2016 - 7:27pm

1 answer

Filter out all messages, but the ones we want

Hello,

I have a config that I thought would work, but it does not. I would like to have the syslog service only send specific messages it finds in the log file and ignore all others and not send them to the syslog server. Here is the config I currently have, but it seems to be sending everything. Any help would be great.

<Input watchfile_m_LOGFILENAME>

Asked February 23, 2016 - 6:03pm