
Hello:

I have spent a week trying to replace the default TAB delimiter with a comma. So far I have this:

<Extension _syslog>
    Module      xm_syslog
    Delimiter   ,
</Extension>

<Input in>
    Module      im_msvistalog
</Input>

<Output out>
    Module      om_tcp
    Host        192.168.1.2
    Port        514
    Exec        to_syslog_snare();
</Output>

<Route 1>
    Path        in => out
</Route>

I also tried changing , to 0x2C. Sadly, it doesn't work; all I can see is the delimiter changed to a strange character. I'm using the latest community version. I really hope that someone can help me with a clear answer.

Asked February 8, 2018 - 5:41am

Answer (1)

I don't think Delimiter is a valid configuration option for xm_syslog. As suggested before, there is a SnareDelimiter configuration option supported by the NXLog EE.

Alternatively you can use the following with the NXLog CE to manually replace the tabs:

Exec to_syslog_snare(); $raw_event = replace($raw_event, "\t", ';');
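
A blanket tab replacement like the one above changes every tab without looking at field contents, so a field that already contains the new delimiter shifts the column count at the receiver. The following is an added example, not part of the original thread or of NXLog, that shows the collision and a quoted alternative; the sample record, its field layout and all function names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample: a simplified tab-delimited record in the style of
# Snare output. The field layout is illustrative, not NXLog's exact format.
MESSAGE = "An account failed to log on. Account Name: svc,backup; Domain: CORP"
SAMPLE = "\t".join([
    "MSWinEventLog", "1", "Security", "4625",
    "Microsoft-Windows-Security-Auditing", "Audit Failure", MESSAGE,
])


def naive_replace(record, delim):
    # Same effect as a blanket replace() on the raw event: every tab is
    # swapped, with no regard for what the fields contain.
    return record.replace("\t", delim)


def collides(record, delim):
    # True if any original field already contains the new delimiter,
    # i.e. a naive replace would make field boundaries ambiguous.
    return any(delim in field for field in record.split("\t"))


def quoted_convert(record, delim):
    # Re-encode the fields as CSV so that fields containing the delimiter
    # are quoted and the receiver can recover the original boundaries.
    buf = io.StringIO()
    csv.writer(buf, delimiter=delim).writerow(record.split("\t"))
    return buf.getvalue().rstrip("\r\n")


def parse_fields(line, delim, quoted=False):
    # Fields as seen by a receiver: a plain split, or a CSV-aware parse.
    if quoted:
        return next(csv.reader([line], delimiter=delim))
    return line.split(delim)


if __name__ == "__main__":
    for d in (",", ";", "|"):
        naive = parse_fields(naive_replace(SAMPLE, d), d)
        safe = parse_fields(quoted_convert(SAMPLE, d), d, quoted=True)
        print(repr(d), "collides:", collides(SAMPLE, d),
              "naive fields:", len(naive), "quoted fields:", len(safe))
```

Running `collides` over a sample of real events before picking a delimiter shows whether the receiving parser needs quoting support or a different delimiter.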