Log detail being dropped | Log collection solutions

#1 keefbaker 10 years ago

Hi everyone,

We have an internal application on a windows box which logs in a way which is slightly mangled. All other windows logs come through nxlog but on these messages the entire message field gets dropped.

Is there a way to parse using ifs? eg:

if $service == "Homegrown app" {

}

So that I can either change the output format or parse them untouched into a file etc...

Does anyone know if there are any characters that don't get escaped properly that might mangle the json output?

Sorry for not giving a huge amount of information, I have to keep this as agnostic as I can.

Permalink

#3 akumar 10 years ago

#1 keefbaker

Hi everyone, We have an internal application on a windows box which logs in a way which is slightly mangled. All other windows logs come through nxlog but on these messages the entire message field gets dropped. Is there a way to parse using ifs? eg: if $service == "Homegrown app" { } So that I can either change the output format or parse them untouched into a file etc... Does anyone know if there are any characters that don't get escaped properly that might mangle the json output? Sorry for not giving a huge amount of information, I have to keep this as agnostic as I can.

<Input null_in>
Module im_null
</Input>

....

Exec if $feldname =~ /misbehaving_source/ reroute("alternate");

Module om_file

File "/var/log/alternate.log"

</Outfile>

Path null_in => alternate

</Route>

Cheers

Ash