
OK, so I'm trying to export the logs from our FortiGate to a CSV file. That's actually already working fine.
But the problem is, lots of information is stored in the $Message. So what I want to do is to get all "variables" in the $Message in separate fields.
I'm having a really hard time with this right now. I've never really done something with regex and nxlog.
I'd be really happy if you guys could help me out here.

That's how nxlog writes an event into the CSV file:
2021-06-28 00:00:05;"INFO";2;"XXX.XXX.XXX.XXX";;"date=2021-06-28,time=00:00:05,devname=\"XXXX\",devid=\"XXX\",logid=\"0000000013\",type=\"traffic\",subtype=\"forward\",level=\"notice\",vd=\"root\",eventtime=1624831205715391871,tz=\"+0200\",srcip=XXX.XXX.XXX.XXX,srcport=33084,srcintf=\"port1\",srcintfrole=\"lan\",dstip=XXX.XXX.XXX.XXX,dstport=80,dstintf=\"wan1\",dstintfrole=\"wan\",sessionid=24018243,proto=6,action=\"close\",policyid=3,policytype=\"policy\",poluuid=\"7f09e0e6-c026-51ea-ccf3-27ba9a95d742\",service=\"HTTP\",dstcountry=\"France\",srccountry=\"Reserved\",trandisp=\"snat\",transip=XXX.XXX.XXX.XXX,transport=33084,appid=16648,app=\"Kaspersky.Update\",appcat=\"Update\",apprisk=\"low\",applist=\"Std-Appcontrol\",duration=5,sentbyte=836,rcvdbyte=1036,sentpkt=6,rcvdpkt=4,shapingpolicyid=7,shapersentname=\"A1_Outgoing\",shaperdropsentbyte=0,shaperrcvdname=\"Incoming\",shaperdroprcvdbyte=0,vwlid=0,utmaction=\"allow\",countapp=1 mastersrcmac=\"XXX\",srcmac=\"XXX\",srcserver=0"

I guess replacing all the ',' with ';' would work. But I have no idea how to do that.
If you need more info, I'm going to send it ASAP.

Asked June 29, 2021 - 3:48pm
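
An added example, not part of the original post and not nxlog configuration: a Python post-processing sketch that splits a key=value $Message like the one above into one CSV column per key. It tokenizes the pairs instead of swapping ',' for ';', so quoted values that contain commas and the space-separated pair seen after countapp=1 in the sample still land in the right field. The function names, the documentation IP address and the msg value are constructed for illustration, and it assumes inner quotes arrive escaped as \" as in the CSV line shown.

```python
import csv
import io
import re

# One key=value pair: the value is either a double-quoted string (backslash
# escapes allowed) or a bare token that ends at the next comma or whitespace.
PAIR_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^,\s]*))')

# Constructed sample, shortened from the event in the post. The msg value
# contains a comma to show why a blind ',' -> ';' replacement is unsafe.
SAMPLE = ('date=2021-06-28,time=00:00:05,type=\\"traffic\\",srcip=192.0.2.10,'
          'dstport=80,action=\\"close\\",app=\\"Kaspersky.Update\\",'
          'msg=\\"File blocked, quarantined\\",countapp=1 srcserver=0')


def parse_kv(message):
    """Split a FortiGate-style key=value message into a dict of fields."""
    # Assumption: the CSV writer escaped the inner quotes as \" ; undo that.
    message = message.replace('\\"', '"')
    fields = {}
    for match in PAIR_RE.finditer(message):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def to_csv(messages, columns):
    """Render messages as ';'-separated CSV with one column per chosen key."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, delimiter=';',
                            extrasaction='ignore', lineterminator='\n')
    writer.writeheader()
    for message in messages:
        # Keys missing from an event become empty cells; unlisted keys are dropped.
        writer.writerow(parse_kv(message))
    return out.getvalue()


if __name__ == '__main__':
    cols = ['date', 'time', 'srcip', 'dstport', 'action', 'msg', 'countapp']
    print(to_csv([SAMPLE], cols), end='')
```

Because the column list is fixed up front, events with different key sets still produce rows of equal width, which keeps the export usable for filtering in a spreadsheet or SIEM import.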

Answer (1)