
Hi everyone,

We have an internal application on a Windows box which logs in a way which is slightly mangled. All other Windows logs come through nxlog, but on these messages the entire message field gets dropped.

Is there a way to parse using ifs? E.g.:

if $service == "Homegrown app" {

}

So that I can either change the output format or parse them untouched into a file etc...

Does anyone know if there are any characters that don't get escaped properly that might mangle the JSON output?

Sorry for not giving a huge amount of information, I have to keep this as agnostic as I can.

Asked February 13, 2015 - 10:23am

Comments (1)

  • adm (NXLog)

    This question is so foggy it's nearly impossible to answer.

    Where does the log come from? Eventlog, file?

    If there is no $Message what do you want to parse?

    Other than that, you can do this:

    if $service == "Homegrown app" {

        # parse log here

    }

Answer (1)

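<Input null_in>
    Module  im_null
</Input>

<Input WindowsEvents>
    ....
    # Divert matching events; reroute() takes the name of a route, not of an output
    Exec    if $feldname =~ /misbehaving_source/ reroute("whatever");
</Input>

<Output alternate>
    Module  om_file
    File    "/var/log/alternate.log"
</Output>

# Route that receives the diverted events; null_in produces no events of its own
<Route whatever>
    Path    null_in => alternate
</Route>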

Cheers

Ash
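
The question asks whether unescaped characters could be mangling the JSON output. As an added example (not code from this thread or from NXLog), the Python script below checks raw lines, such as those diverted to a file by the route above, for a UTF-16 byte-order mark, invalid UTF-8 and control characters. The sample lines and the function names are constructed for illustration, and the thread does not establish that any of these is the actual cause.

```python
import json

# Constructed sample lines (invented for illustration, not from the thread).
SAMPLE = [
    b'2015-02-13 10:23:01 Homegrown app started',
    b'2015-02-13 10:23:02 user=\x00admin action=login',     # embedded NUL
    b'2015-02-13 10:23:03 caf\xe9 order placed',            # cp1252 byte, not UTF-8
    b'2015-02-13 10:23:04 path="C:\\temp\\x" msg\x1b[0m',   # ESC control character
    b'\xff\xfe2\x000\x001\x005\x00',                         # UTF-16LE with BOM
]

def inspect_line(raw):
    """Return findings that can upset a JSON serialiser or its consumer."""
    raw = raw.rstrip(b'\r\n')
    # A UTF-16 file read as bytes fails every later check, so report it alone.
    if raw.startswith((b'\xff\xfe', b'\xfe\xff')):
        return ['utf16-bom']
    findings = []
    try:
        text = raw.decode('utf-8')
    except UnicodeDecodeError as exc:
        findings.append('invalid-utf8@%d' % exc.start)
        text = raw.decode('utf-8', errors='replace')
    for pos, ch in enumerate(text):
        if ord(ch) < 0x20 and ch != '\t':
            findings.append('control-0x%02x@%d' % (ord(ch), pos))
    return findings

def scan(lines):
    """Map 1-based line number to findings, for lines that have any."""
    report = {}
    for number, raw in enumerate(lines, start=1):
        findings = inspect_line(raw)
        if findings:
            report[number] = findings
    return report

def to_json(raw, service='Homegrown app'):
    """Serialise a raw line so offending bytes stay visible instead of vanishing."""
    text = raw.decode('utf-8', errors='backslashreplace')
    return json.dumps({'service': service, 'Message': text})

if __name__ == '__main__':
    for number, findings in scan(SAMPLE).items():
        print(number, findings, to_json(SAMPLE[number - 1]))
```
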
