1
response

We are testing nxlog for syslog forwarder for replacment of windows own provided forwarder EvtSys. We are getting logs at syslog server, but see many special characters and such such #015, #012, #011 in multiple places in log.

Below is configuration of .conf file

<Input in>
Module im_msvistalog
</Input>

<Output out>
Module om_udp
Host **.***.**.**
Port 514
</Output>

#################### ROUTE ###########
<Route r2>
Path in => out
</Route>

Can you please guide us how to resolve it. I am hereby providing Log snippet of both EvtSys generated log and nxlog generated log

Sample Log snippet generated by Windows syslog forwarder EvtSys
Apr 22 09:01:03 WindowsHostMachine Security-Auditing: 4624: AUDIT_SUCCESS An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WindowsHostMachine$ Account Domain: TEST Logon ID: 0x3E7 Logon Type: 10 Impersonation Level: Impersonation New Logon: Security ID: S-1-5-21-3128912327-2939948577-25280133-5861

Sample Log snippet generated by nxlog
Apr 20 12:41:55 2021-04-20 12: 41:29 WindowsHostMachine AUDIT_SUCCESS 4624 An account was successfully logged on.#015#012#015#012Subject:#015#012#011Security ID:#011#011S-1-0-0#015#012#011Account Name:#011#011-#015#012#011Account Domain:#011#011-#015#012#011Logon ID:#011#0110x0#015#012#015#012Logon Type:#011#011#0113#015#012#015#012Impersonation Level:#011#011Impersonation#015#012#015#012New Logon:#015#012#011Security ID:#011#011S-1-5-21-3128912327-2939948577-25280133-30353#015#012#011

AskedApril 29, 2021 - 4:48pm

Answer (1)