Hello,
I am sending a message with a hostname to my syslog server. My conf is as follows:
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
    Module xm_syslog
</Extension>
<Input in>
    Module im_msvistalog
    <Exec>
        parse_syslog();
        $Message = "hostnamexxx" + $Message;
        to_syslog_ietf();
    </Exec>
</Input>
<Output out>
    Module om_udp
    Host xx.xxx.xx
    Port 514
    Exec to_syslog_ietf();
</Output>
<Route 1>
    Path in => out
</Route>
My log is coming with the message correctly:
Feb 12 23:11:34 DESKTOP-XXXXX Microsoft-Windows-Eventlog [964] hostnamexxxxINFO 1102 The audit log was cleared. Subject: Security ID: # xxxxxxxx-1001 Account Name: Admin Domain Name: DESKTOP-XXXXX Logon ID: 0xD438A
However, the message "hostnamexxxx" is coming in the middle of the log, as you can see above. This is disturbing my parser. Is there any way I can put this "hostnamexxxx" message last in my log? Example:
Feb 12 23:11:34 DESKTOP-XXXXX Microsoft-Windows-Eventlog [964] INFO 1102 The audit log was cleared. Subject: Security ID: # xxxxxxxx-1001 Account Name: Admin Domain Name: DESKTOP-XXXXX Logon ID: 0xD438A hostnamexxxx
Thanks
Comments (1)
Thank you very much Manuel, helped me a lot!!!