Change tab for comma

Post a different question
2
responses

Hi. I try to send windows events, How can I change the default separator field (tab) for comma?

AskedJanuary 25, 2018 - 4:46am

Answer (1)

I assume you are looking for the SnareDelimiter configuration option.

AnsweredJanuary 25, 2018 - 10:57am

Comments (1)

  • _omar_'s picture

    Hello,

    Well I try whit this conf file:

    > <Extension _syslog>
>     Module      xm_syslog
>   Delimiter   ','
> </Extension>
> 
> <Input in>
>     Module      im_msvistalog
> </Input>
> 
> <Output out>
>     Module      om_tcp
>     Host        10.226.6.215
>     Port        514   
>     Exec        to_syslog_snare();
> </Output>
> 
> <Route 1>
>     Path        in => out
> </Route>

    but doesn't work.

    February 3, 2018 - 12:32am