[syslog-ng] using syslog-ng and parsing data from both Windows XP and Windows 7 machines

Balazs Scheidler bazsi at balabit.hu
Sun Mar 18 13:04:45 CET 2012


On Thu, 2012-03-01 at 12:20 -0600, Mary A Waddick wrote:
> Hi,
> 
> I am using nxlog to send data from both Windows XP and Windows 7
> machines to a Unix machine using syslog-ng.
> 
> My nxlog.conf files are configured to send im_mseventlog data for the
> Windows XP boxes and im_msvistalog data for the Windows 7 boxes.
> 
> (See attached file: new nxlog.conf)
> 
> Therefore I get slightly different data for each machine. The examples
> on your website don't show me how to parse out all of the
> im_mseventlog or im_msvistalog data from the different columns in msg.
> Can you help me with getting the data?
> 
> My syslog-ng.conf looks like this. I was told that the eventlog data
> would have the columns that I included in my table, but I am unable to
> figure out how to pull that data out of the msg column using the
> provided macros. I have searched and searched, but have not found any
> examples.
> 
I don't really know nxlog; however, apart from writing data to the
database, I can't see you'd be parsing the format produced by nxlog
within syslog-ng.

You probably need to apply a csv-parser() or db-parser() depending on
the format nxlog produces. Then you can use the sql destination to write
those values into SQL fields.


-- 
Bazsi
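The approach Bazsi outlines, as an added example syslog-ng 3.x configuration that is not part of the original thread and not nxlog's or syslog-ng's own documentation: a csv-parser() splits the nxlog payload in ${MESSAGE} into named fields, and the sql() destination writes those fields into table columns. The column set, the tab delimiter, the listening port and the database credentials are all assumptions or placeholders; the real field order must be checked against what nxlog actually emits.

```conf
# Added example (not from the original thread): parse the nxlog payload
# with csv-parser() and store the fields with the sql() destination.
# Assumed: nxlog emits the event fields tab-separated, in the order below
# (hypothetical column set; verify against the real nxlog output).
#
# Constructed sample payload (one line, <TAB> marks a tab character):
#   2012-03-01 12:20:05<TAB>WIN7-BOX<TAB>Security<TAB>4624<TAB>INFO<TAB>An account was successfully logged on.

@version: 3.3

source s_net {
    # nxlog ships events over TCP; bind address and port are placeholders
    tcp(ip("0.0.0.0") port(514));
};

parser p_eventlog {
    csv-parser(
        columns("EVT.TIME", "EVT.HOST", "EVT.SOURCE", "EVT.ID", "EVT.SEVERITY", "EVT.MESSAGE")
        delimiters("\t")
        # greedy: everything after the fifth tab lands in EVT.MESSAGE, so a
        # tab inside the free-text message does not shift the other columns
        flags(escape-none, greedy)
        template("${MESSAGE}")
    );
};

destination d_sql {
    sql(
        type(mysql)
        host("localhost") username("syslog") password("CHANGE-ME")   # placeholders
        database("eventlog")
        table("events")
        columns("event_time", "host", "source", "event_id", "severity", "message")
        values("${EVT.TIME}", "${EVT.HOST}", "${EVT.SOURCE}", "${EVT.ID}", "${EVT.SEVERITY}", "${EVT.MESSAGE}")
        indexes("event_time", "host", "event_id")
    );
};

log {
    source(s_net);
    parser(p_eventlog);
    destination(d_sql);
};
```

Because im_mseventlog (Windows XP) and im_msvistalog (Windows 7) produce different column sets, each group of machines needs its own csv-parser() with its own columns() list, selected for example by a filter on ${HOST} in separate log paths. Where the payload is not a fixed delimited list, the db-parser() Bazsi mentions, driven by a pattern database, is the alternative way to extract the same named fields before the sql() destination.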
