Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.
Windows eventlog message fail to include a PID in the syslog header.
erempel created
I am using a config of
Output syslog1>
Module om_tcp
Host syslog.server.name
Port 6514
Exec to_syslog_ietf();
OutputType Syslog_TLS
</Output>
and a source of
<Input eventlog_application>
Module im_msvistalog
Query <QueryList>
<Query Id="0">
<Select Path="Application">*</Select>
</Query>
</QueryList>
<Exec>
$Message = 'EventID[' + $EventID + '] Log[' + $Channel + '] Type[' + $EventType + '] Domain[' + $Domain + '] User[' + $AccountName + '] ' + $Message;
$SyslogFacilityValue = 3;
</Exec>
</Input>
but when the message arrives as the syslog server the ident field does NOT include the PID. I expaect something like
SourceName[PID]: the text of the message
but what I get is
SourceName: the text of the message
How can I get the PID of the SourceName?
erempel created
