Change tab for comma

Post a different question

2
responses

_omar_

Hi. I try to send windows events, How can I change the default separator field (tab) for comma?

AskedJanuary 25, 2018 - 4:46am

Answer the question
Leave a comment

Answer (1)

b0ti

I assume you are looking for the SnareDelimiter configuration option.

AnsweredJanuary 25, 2018 - 10:57am

Leave a comment

Comments (1)

_omar_

Leave a comment

Hello,

Well I try whit this conf file:

> <Extension _syslog>
>     Module      xm_syslog
>   Delimiter   ','
> </Extension>
> 
> <Input in>
>     Module      im_msvistalog
> </Input>
> 
> <Output out>
>     Module      om_tcp
>     Host        10.226.6.215
>     Port        514   
>     Exec        to_syslog_snare();
> </Output>
> 
> <Route 1>
>     Path        in => out
> </Route>

but doesn't work.

February 3, 2018 - 12:32am

You are here

Change tab for comma

Answer (1)

Comments (1)