using syslog-ng and parsing data from both Windows XP and Windows 7 machines
Hi,

I am using nxlog to send data from both Windows XP and Windows 7 machines to a Unix machine using syslog-ng.

My nxlog.conf files are configured to send im_mseventlog data for the Windows XP boxes and im_msvistalog data for the Windows 7 boxes.

(See attached file: new nxlog.conf)

Therefore I get slightly different data for each machine. The examples on your website don't show me how to parse out all of the im_mseventlog or im_msvistalog data from the different columns in msg. Can you help me with getting the data?

My syslog-ng.conf looks like this. I was told that the eventlog data would have the columns that I included in my table, but I am unable to figure out how to pull that data out of the msg column using the provided macros. I have searched and searched, but have not found any examples.

(See attached file: syslog-ng.conf)

Thank you for your help.

Mary Anne Waddick
Raytheon Technical Services
Senior Software Engineer II
(317) 306-2691 (desk)
On Thu, 2012-03-01 at 12:20 -0600, Mary A Waddick wrote:
> Hi,
> I am using nxlog to send data from both Windows XP and Windows 7 machines to a Unix machine using syslog-ng.
> My nxlog.conf files are configured to send im_mseventlog data for the Windows XP boxes and im_msvistalog data for the Windows 7 boxes.
> (See attached file: new nxlog.conf)
> Therefore I get slightly different data for each machine. The examples on your website don't show me how to parse out all of the im_mseventlog or im_msvistalog data from the different columns in msg. Can you help me with getting the data?
> My syslog-ng.conf looks like this. I was told that the eventlog data would have the columns that I included in my table, but I am unable to figure out how to pull that data out of the msg column using the provided macros. I have searched and searched, but have not found any examples.
I don't really know nxlog; however, apart from writing data to the database, I can't see that you'd be parsing the format produced by nxlog within syslog-ng.

You probably need to apply a csv-parser() or db-parser(), depending on the format nxlog produces. Then you can use the sql destination to write those values into SQL fields.

--
Bazsi
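
Added example, not part of the original thread or of either poster's configuration: a syslog-ng configuration that follows the csv-parser() route suggested in the reply and feeds the parsed fields to an sql() destination. It assumes nxlog has been set up to emit tab-separated fields in the order listed; that field order, the source name `s_nxlog`, the `NXLOG.*` macro names, the table layout and the database settings are all assumptions, since the attached files are not shown.

```conf
# Added example. Assumptions (none come from the thread's attachments):
#  - nxlog sends each event as tab-separated fields in the order listed below
#  - s_nxlog is the network source that receives those messages
#  - database name, credentials and table layout are placeholders

source s_nxlog {
    tcp(ip(0.0.0.0) port(514));
};

parser p_nxlog_csv {
    csv-parser(
        # Split the message payload, not the syslog header
        template("${MSG}")
        columns("NXLOG.EVENTTIME", "NXLOG.HOSTNAME", "NXLOG.SEVERITY",
                "NXLOG.SOURCENAME", "NXLOG.EVENTID", "NXLOG.MESSAGE")
        delimiters("\t")
        # escape-none: take the payload literally
        # greedy: the last column receives the rest of the line, so event
        #         text that itself contains tabs is not truncated
        flags(escape-none, greedy)
    );
};

destination d_eventlog_sql {
    sql(
        type(mysql)
        host("localhost")
        username("CHANGE_ME")
        password("CHANGE_ME")
        database("logs")
        table("eventlog")
        columns("event_time", "host", "severity", "source_name",
                "event_id", "message")
        values("${NXLOG.EVENTTIME}", "${NXLOG.HOSTNAME}", "${NXLOG.SEVERITY}",
               "${NXLOG.SOURCENAME}", "${NXLOG.EVENTID}", "${NXLOG.MESSAGE}")
        indexes("event_time", "host", "event_id")
    );
};

log {
    source(s_nxlog);
    parser(p_nxlog_csv);
    destination(d_eventlog_sql);
};
```

Because im_mseventlog and im_msvistalog produce slightly different fields, either both kinds of host must emit the same column order, or each needs its own parser with a matching column list.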
participants (2)
- Balazs Scheidler
- Mary A Waddick