"Exec convert_fields("AUTO", "utf-8");" not working.
Hello.
I like to collect Windows Event ID and send it to Linux Box. I installed "Syslog-NG" on Linux and it collect Windows Event Log very good but I have a problem about "Exec convert_fields("AUTO", "utf-8");". When I enable it in my config file then my "nxlog" can't send log!!!
My "nxlog" config is:
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_syslog
AutodetectCharsets utf-8
</Extension>
<Input in>
Module im_msvistalog
# For windows 2003 and earlier use the following:
# Module im_mseventlog
Exec if $EventID NOT IN (4660, 4663) drop();
Exec convert_fields("AUTO", "utf-8");
</Input>
<Output out>
Module om_udp
Host 172.30.9.20
Port 514
Exec to_syslog_snare();
</Output>
<Route 1>
Path in => out
</Route>
Any idea?
Thank you.
I don't know how you ended up with the above (AutodetectCharsets moved into the xm_syslog block) but the original was this:
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension _charconv>
Module xm_charconv
AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>
The above provides a reason why the configuration parser gives an error about Exec convert_fields("AUTO", "utf-8");
You should consider the following though:
- im_msvistalog provides logs in UTF-8. There shouldn't be any need to convert it.
- NXLog is available for Linux. Perhaps it might be a better choice to use the same software on both sides instead of using Syslog-ng there.
