I have to retain the new lines in a syslog. I'm using NXLog to send logs from my laptop to a test syslog server. I'm currently using the following:
<Extension _syslog> Module xm_syslog </Extension> <Input in> Module im_msvistalog Exec to_syslog_ietf(); </Input> <Processor rewrite> Module pm_null Exec $Message = $EventID + "|" + $EventType + "|" + $Hostname + "|" + $SourceName + "|" + $AccountName + "|" + $AccountType + "|" + $Domain + "|" + $UserID + "|" + $raw_event; </Processor> <Output out> Module om_udp Host 192.168.100.33 Port 514 #Exec to_syslog_bsd(); </Output> <Route 1> Path in => rewrite => out </Route>
I can get the logs to send with the \r\n intact is to remove the Exec to_syslog_snare(), then I loose all the other details about the log such as event id etc. So I thought ok I'll construct my own by using Exec $Message = all the data fields I want....this doesn't work...so then I started playing with to_syslog_ieft and to_syslog_bsd() and they both strip out new lines.
What am I doing wrong?