
How can nxlog for Windows be configured to send the timestamp in high-precision forwarding format?

Similar to the RSYSLOG_ForwardFormat high-precision timestamps including year with timezone UTC offset information.

For example:

2017-08-22T18:36:28.568230+00:00

It is currently just being sent with ONLY Mon day hour:min:sec:

<14>Aug 22 15:16:46 Win7Prox64 MSWinEventLog 1 System 2 Tue Aug 22 15:16:46 2017 7036 Service Control Manager N/A N/A Information Win7Prox64 N/A The nxlog service entered the running state. 170362

Thanks!

Asked August 22, 2017 - 9:41pm

Answer (1)

The above format is BSD Syslog (RFC3164). Using a different timestamp there would break the format, which could result in some devices refusing to accept/parse the log.

I suggest going with to_syslog_ietf() which generates the timestamp you need.

Otherwise, if you still insist on using the BSD syslog, you can construct it manually with something like this:

Exec $raw_event = '<14>' + strftime($EventTime, 'YYYY-MM-DDThh:mm:ss.sUTC') + ' ' + $Hostname + ' ' + $Message;

Note that the 'YYYY-MM-DDThh:mm:ss.sUTC' format string and the DateFormat configuration option that supports this are EE only for now.
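
The format point in the answer, as an added example (not code from this thread or from NXLog): a strict receiver-side header check in Python showing how a collector would treat the BSD line, a BSD line with a substituted ISO timestamp, and an IETF (RFC 5424) line. The function name classify, the assumed_year parameter and the three sample lines are constructed for this illustration.

```python
import re
from datetime import datetime

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOST MSG (no year, fraction or UTC offset)
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) (\S+) (.*)$", re.S)
# RFC 5424 header: <PRI>1 TIMESTAMP HOST APP PROCID MSGID followed by SD and MSG
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Constructed sample lines, modelled on the values quoted in the question.
BSD = "<14>Aug 22 15:16:46 Win7Prox64 MSWinEventLog 1 System 2 The nxlog service entered the running state."
HYBRID = "<14>2017-08-22T18:36:28.568230+00:00 Win7Prox64 The nxlog service entered the running state."
IETF = "<14>1 2017-08-22T18:36:28.568230+00:00 Win7Prox64 nxlog - - - The nxlog service entered the running state."

def classify(line, assumed_year=2017):
    """Return (format, timestamp, host); format is 'rfc5424', 'rfc3164' or 'unparsed'."""
    m = RFC5424.match(line)
    if m:
        try:
            # Full precision and the UTC offset are carried in the message itself.
            ts = datetime.fromisoformat(m.group(2).replace("Z", "+00:00"))
        except ValueError:
            return ("unparsed", None, None)
        return ("rfc5424", ts, m.group(3))
    m = RFC3164.match(line)
    if m and m.group(2) in MONTHS:
        # The receiver must guess the year and gets no timezone (naive datetime).
        ts = datetime(assumed_year, MONTHS.index(m.group(2)) + 1, int(m.group(3)),
                      int(m.group(4)), int(m.group(5)), int(m.group(6)))
        return ("rfc3164", ts, m.group(7))
    # Matches neither header grammar: a strict collector would drop or mis-file it.
    return ("unparsed", None, None)

if __name__ == "__main__":
    for name, line in (("BSD", BSD), ("HYBRID", HYBRID), ("IETF", IETF)):
        fmt, ts, host = classify(line)
        print(f"{name:7} {fmt:9} {ts.isoformat() if ts else '-':34} {host or '-'}")
```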