4
responses
responses
Answer (1)
tape (account cancelled)
Hello,
in our documentation located here: https://nxlog.co/documentation/nxlog-user-guide#im_msvistalog_config you can see examples for im_msvistalog and also selecting channel in the Path tag.
Peter
Comments (3)
Hello,
I was probably unclear.
I have setup nxlog to select four paths that all are forwarded to GrayLog in the same output (see below). On the GrayLog side I would like to forward events from a certain path to a separate stream. My idea is to insert the value of $Channel to the beginning of the $Message and use that as a search condition on the GreyLog stream. But how do I modify the message sent from nxlog?
<Input in>
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id='1'>
<Select Path='Application'>*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0)]]</Select>
<Select Path='Security'>*[System[(Level=1 or Level=2)]]</Select>
<Select Path='System'>*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0)]]</Select>
<Select Path='Ensym drift'>*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0)]]</Select>
<Suppress Path='Application'>*[System[(EventID=1111 or EventID=1058)]]</Suppress>
<Suppress Path='System'>*[System[(EventID=1111 or EventID=1058)]]</Suppress>
</Query>
</QueryList>
</QueryXML>
</Input>
<Output out>
Module om_udp
Host XXX.XXX.XXX.XXX
Port 514
Exec to_syslog_bsd();
</Output>
Hello,
The $Channel field is passed along with other messages, see: https://nxlog.co/documentation/nxlog-user-guide#im_msvistalog_fields if you log the messages to file in json format, you can see the fields there.
On the other hand, you can play with the $Messsage field to construct it.
Peter
This can be done via the following:
You should also consider using
xm_gelfas that provides proper structured logging. Syslog is an outdated concept.