NXlog rsyslog template


#1

Hello,

I use NXlog (controlled by sidecar collector) to forward Windows logs.
But I can’t send these logs directly to Graylog; I need to relay them through a Linux rsyslog v8.
At first I had an rsyslog issue because it uses LF as the delimiter and not \0 like the NXlog GELF output.
I resolved this issue with AddtlFrameDelimiter="0" in the rsyslog configuration.

Then I need to forward these logs from rsyslog to the GELF TCP input.
I use the following rsyslog template:
template(name="foobar" type="string" string="%syslogtag%%msg%%msg:::drop-last-lf%\0")
But it does not work, the GELF TCP input displays no message received.
And I don’t see any error in server.log.

Has anyone managed to get NXlog to rsyslog to the GELF TCP input working?


#2

Finally I got it working with:
template(name="foobar" type="string" string="%syslogtag%%msg%")
action(type="omfwd" Target="10.0.0.1" port="1514" Protocol="tcp" template="foobar" TCP_FrameDelimiter="0")
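
A way to check what a relay puts on the wire before pointing it at the GELF TCP input, as an added example that is not part of the original posts: capture the bytes the relay sends and confirm that they split into NUL-terminated frames, each a JSON object with the fields GELF 1.1 requires. The sample streams, the host name `win01` and the function names are constructed for illustration.

```python
import json

GELF_REQUIRED = ("version", "host", "short_message")  # mandatory in GELF 1.1

def split_frames(stream: bytes, delimiter: bytes = b"\0"):
    """Split captured TCP bytes into complete frames and the unterminated tail."""
    *frames, remainder = stream.split(delimiter)
    return frames, remainder

def check_frame(frame: bytes):
    """Return None when the frame is a usable GELF message, else a reason."""
    try:
        doc = json.loads(frame.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return f"not JSON: {exc.__class__.__name__}"
    if not isinstance(doc, dict):
        return "JSON is not an object"
    missing = [k for k in GELF_REQUIRED if k not in doc]
    return f"missing fields: {missing}" if missing else None

def audit(stream: bytes, delimiter: bytes = b"\0"):
    """Check every complete frame; a non-empty remainder means no final delimiter."""
    frames, remainder = split_frames(stream, delimiter)
    return [(f, check_frame(f)) for f in frames if f], remainder

# Constructed sample data (not captured from a real system).
GOOD = b'{"version":"1.1","host":"win01","short_message":"logon"}'
NUL_STREAM = GOOD + b"\0" + GOOD + b"\0"   # frames end in a NUL byte
LF_STREAM = GOOD + b"\n" + GOOD + b"\n"    # frames end in LF instead
# Body emitted twice, as a template that contains %msg% twice would produce.
DOUBLED = GOOD + GOOD[10:] + b"\0"

if __name__ == "__main__":
    for name, data in (("NUL", NUL_STREAM), ("LF", LF_STREAM), ("doubled", DOUBLED)):
        results, tail = audit(data)
        bad = [reason for _, reason in results if reason]
        print(f"{name}: {len(results)} frame(s), problems={bad}, "
              f"unterminated bytes={len(tail)}")
```

With NUL framing the LF-terminated stream yields zero complete frames and leaves every byte in the unterminated tail, so a receiver that frames on NUL never sees a finished message.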

