
I'm trying to forward Windows events to Flume. The log should start with CEF:0, but the logs nxlog sends are formatted like this:

02-16-2021 12:02:46 User.Info 192.168.3.205 Feb 16 12:02:46 nxlogserver-01 SOC[0]: CEF:0|NXLog|NXLog|5.2.6388-trial|0|-|7|end=1613473366200 dvchost=nxlogserver-01 Keywords=36028797018963968 outcome=INFO SeverityValue=2 Severity=INFO externalId=4647 SourceName=SOC TaskValue=1 RecordNumber=5124 ExecutionProcessID=0 ExecutionThreadID=0 deviceFacility=System msg=Test Resisto Opcode=Info Data=Test Resisto EventReceivedTime=1613473366575 SourceModuleName=from_eventlog SourceModuleType=im_msvistalog

Is there a way to have them formatted so they begin with CEF:0?

Thanks

Asked February 16, 2021 - 2:58pm
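As an added illustration (not part of the question above, and not NXLog's own code or configuration), the following Python script does what a receiver such as Flume would have to do with the line as quoted: it locates the CEF payload inside the syslog-wrapped record, reports exactly what was prepended before "CEF:0|", and then parses the seven pipe-delimited header fields and the space-separated extension. The sample input is the asker's own line; the function and variable names are the example's own choices.

```python
"""Locate and parse a CEF record that may be wrapped in a syslog header."""
import re
from typing import Dict, List, Optional, Tuple

# Sample input constructed from the line quoted in the question. Everything
# before "CEF:0|" (the receiver's timestamp/host columns plus the BSD-syslog
# header "Feb 16 12:02:46 nxlogserver-01 SOC[0]:") is what the asker wants gone.
SAMPLE_LINE = (
    "02-16-2021 12:02:46 User.Info 192.168.3.205 Feb 16 12:02:46 nxlogserver-01 "
    "SOC[0]: CEF:0|NXLog|NXLog|5.2.6388-trial|0|-|7|end=1613473366200 "
    "dvchost=nxlogserver-01 Keywords=36028797018963968 outcome=INFO SeverityValue=2 "
    "Severity=INFO externalId=4647 SourceName=SOC TaskValue=1 RecordNumber=5124 "
    "ExecutionProcessID=0 ExecutionThreadID=0 deviceFacility=System msg=Test Resisto "
    "Opcode=Info Data=Test Resisto EventReceivedTime=1613473366575 "
    "SourceModuleName=from_eventlog SourceModuleType=im_msvistalog"
)

# CEF header layout: CEF:Version|Device Vendor|Device Product|Device Version|
# Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

_CEF_START = re.compile(r"CEF:\d+\|")
# Extension values may contain spaces ("msg=Test Resisto"), so split only on a
# space that is followed by the next "key=" token. CEF requires a literal '='
# inside a value to be escaped as '\=', which this lookahead does not match.
_EXT_SPLIT = re.compile(r" (?=[A-Za-z0-9_.]+=)")
_UNESCAPE = re.compile(r"\\(.)")


def locate_cef(line: str) -> Tuple[str, Optional[str]]:
    """Return (prefix, cef_payload). prefix is whatever was prepended before
    'CEF:N|'; it is the empty string when the line already begins with CEF."""
    m = _CEF_START.search(line)
    if not m:
        return line, None
    return line[:m.start()], line[m.start():]


def split_header(cef: str) -> Tuple[List[str], str]:
    """Split the seven pipe-delimited header fields from the extension,
    honouring the CEF escapes '\\|' and '\\\\' inside header fields."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(cef) and len(fields) < 7:
        c = cef[i]
        if c == "\\" and i + 1 < len(cef) and cef[i + 1] in "|\\":
            buf.append(cef[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(c)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, cef[i:]


def parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key=value ...' into a dict, unescaping \\=, \\\\, \\n, \\r."""
    out: Dict[str, str] = {}
    for pair in _EXT_SPLIT.split(ext):
        if "=" not in pair:
            continue
        key, value = pair.split("=", 1)
        out[key] = _UNESCAPE.sub(
            lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)
    return out


def parse_cef(line: str) -> Dict[str, object]:
    """Parse a (possibly syslog-wrapped) CEF line into prefix, header and extension."""
    prefix, cef = locate_cef(line)
    if cef is None:
        raise ValueError("no CEF:N| marker found in line")
    fields, ext = split_header(cef)
    header = dict(zip(HEADER_FIELDS, fields))
    header["version"] = header["version"][len("CEF:"):]
    return {"prefix": prefix, "header": header, "extension": parse_extension(ext)}


if __name__ == "__main__":
    rec = parse_cef(SAMPLE_LINE)
    print("prepended before CEF:", repr(rec["prefix"]))
    print("header:", rec["header"])
    print("msg:", rec["extension"]["msg"])
```

Running it on the quoted line shows a non-empty prefix ending in "SOC[0]: ", i.e. the CEF record is intact but carries a syslog header in front of it; a line that already starts with "CEF:0|" yields an empty prefix, which is the check to run against the sender's output once it has been changed.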

Answers (0)