Request trial
Request Trial

NXlog CE

Tags:
#1 aauvinet

Hi,

I have a issue with my configuration. I try to send EventID to syslog with NXlog. But I am french and the log have accent.... And NXlog replace by "Ç" or other. For exemple é --> Ç

exemple :

02-20-2020 16:17:25 User.Info 10.28.201.50 1 2020-02-20T16:17:24.248999+01:00 PC-MGMT-INFRA-HDV Microsoft-Windows-Security-Auditing 532 - [NXLOG@14506 Keywords="-9214364837600034816" EventType="AUDIT_SUCCESS" EventID="4726" ProviderGuid="{54849625-5478-4994-A5BA-3E3B0328C30D}" Version="0" Task="13824" OpcodeValue="0" RecordNumber="435937" ActivityID="{40052197-E800-0000-1A22-054000E8D501}" ThreadID="488" Channel="Security" Category="User Account Management" Opcode="Informations" TargetUserName="TEST-LOG" TargetDomainName="PC-MGMT-INFRA-H" TargetSid="S-1-5-21-398120947-1394256007-3495492944-1004" SubjectUserSid="S-1-5-21-398120947-1394256007-3495492944-500" SubjectUserName="Administrateur" SubjectDomainName="PC-MGMT-INFRA-H" SubjectLogonId="0x689a9" PrivilegeList="-" EventReceivedTime="2020-02-20 16:17:25" SourceModuleName="eventlog" SourceModuleType="im_msvistalog"] Un compte dƒ?Tutilisateur a ǸtǸ supprimǸ. Sujet¶ÿ: ID de sǸcuritǸ¶ÿ: S-1-5-21-398120947-1394256007-3495492944-500 Nom du compte¶ÿ: Administrateur Domaine du compte¶ÿ: PC-MGMT-INFRA-H ID dƒ?Touverture de session¶ÿ: 0x689A9 Compte cible¶ÿ: ID de sǸcuritǸ¶ÿ: S-1-5-21-398120947-1394256007-3495492944-1004 Nom du compte¶ÿ: TEST-LOG Domaine du compte¶ÿ: PC-MGMT-INFRA-H Informations supplǸmentaires¶ÿ: PrivilÇùges -

Can you help me ?

Permalink
#2 ArkadiyDeactivated Nxlog ✓
#1 aauvinet
Hi, I have a issue with my configuration. I try to send EventID to syslog with NXlog. But I am french and the log have accent.... And NXlog replace by "Ç" or other. For exemple é --> Ç exemple : 02-20-2020 16:17:25 User.Info 10.28.201.50 1 2020-02-20T16:17:24.248999+01:00 PC-MGMT-INFRA-HDV Microsoft-Windows-Security-Auditing 532 - [NXLOG@14506 Keywords="-9214364837600034816" EventType="AUDIT_SUCCESS" EventID="4726" ProviderGuid="{54849625-5478-4994-A5BA-3E3B0328C30D}" Version="0" Task="13824" OpcodeValue="0" RecordNumber="435937" ActivityID="{40052197-E800-0000-1A22-054000E8D501}" ThreadID="488" Channel="Security" Category="User Account Management" Opcode="Informations" TargetUserName="TEST-LOG" TargetDomainName="PC-MGMT-INFRA-H" TargetSid="S-1-5-21-398120947-1394256007-3495492944-1004" SubjectUserSid="S-1-5-21-398120947-1394256007-3495492944-500" SubjectUserName="Administrateur" SubjectDomainName="PC-MGMT-INFRA-H" SubjectLogonId="0x689a9" PrivilegeList="-" EventReceivedTime="2020-02-20 16:17:25" SourceModuleName="eventlog" SourceModuleType="im_msvistalog"] Un compte dƒ?Tutilisateur a ǸtǸ supprimǸ. Sujet¶ÿ: ID de sǸcuritǸ¶ÿ: S-1-5-21-398120947-1394256007-3495492944-500 Nom du compte¶ÿ: Administrateur Domaine du compte¶ÿ: PC-MGMT-INFRA-H ID dƒ?Touverture de session¶ÿ: 0x689A9 Compte cible¶ÿ: ID de sǸcuritǸ¶ÿ: S-1-5-21-398120947-1394256007-3495492944-1004 Nom du compte¶ÿ: TEST-LOG Domaine du compte¶ÿ: PC-MGMT-INFRA-H Informations supplǸmentaires¶ÿ: PrivilÇùges - Can you help me ?

Hello,

You could use xm_charconv module to make NXLog convert charsets.
I think in your case you need to add the following code to your config:

<Extension charconv>
    Module              xm_charconv
    AutodetectCharsets  utf-8, utf-16, utf-32, iso8859-1
</Extension>

<Input input>
    ...
    Exec                convert_fields("auto", "utf-8");
    ...
</Input>

If it wouldn't work than please drop us your config.

Regards, Arch
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS