Hello

I'm having a problem with the Graylog and nxlog feed.

I have a huge archive of Windows event logs, and I have been trying to import 
these logs into Graylog using nxlog and GELF.

It all works well: nxlog picks up the logs and imports them, but the messages 
are being split into several records rather than a single one.


For example, if the event log contains the following:


*{"1331892664000, 4624, "Success", "Security", 
"Microsoft-Windows-Security-Auditing", "An account was successfully logged 
on.*

*Subject:*
* Security ID: S-1-0-0*
* Account Name: -*
* Account Domain: -*
* Logon ID: 0x0*

*Logon Type: 3*


*This event is generated when a logon session is created. It is generated 
on the computer that was accessed.*

*Key length indicates the length of the generated session key. This will be 
0 if no session key was requested." "}  *


It gets loaded into Graylog as:

Record 1: *{"1331892664000, 4624, "Success", "Security", 
"Microsoft-Windows-Security-Auditing", "An account was successfully logged 
on.*
Record 2: *Subject*
Record 3: *Security ID: S-1-0-0*

etc.
etc


I would just like to have the whole message stored in one record.

Do you have any idea how this could be achieved?

Thanks!
Mark




