Hello

Thanks for the info, but my case is different (I think!). If I'm not wrong, your configuration for NXLog is to fetch live event logs;
in my case I have a huge archive (5TB) of Windows logs that have already been exported as text files, so I'm not accessing the live event logs on a Windows system.

Best regards
Mark

On Sunday, May 31, 2015 at 1:49:06 AM UTC+10, graylog...@gmail.com wrote:
> Hello
>
> I'm having a problem with graylog and nxlog feed
>
> I have a huge archive of windows event logs, I have been trying to import
> these logs into graylog using nxlog and gelf
>
> It all works well, nxlog picks up the logs and imports them, but the messages
> are being split into several records rather than a single one,
>
> Example: if the event log contains the following
>
> {"1331892664000, 4624, "Success", "Security", "Microsoft-Windows-Security-Auditing", "An account was successfully logged on.
>
> Subject:
>   Security ID: S-1-0-0
>   Account Name: -
>   Account Domain: -
>   Logon ID: 0x0
>
> Logon Type: 3
>
> This event is generated when a logon session is created. It is generated
> on the computer that was accessed.
>
> Key length indicates the length of the generated session key. This will
> be 0 if no session key was requested." "}
>
> It gets loaded into graylog as:
>
> Record 1: {"1331892664000, 4624, "Success", "Security", "Microsoft-Windows-Security-Auditing", "An account was successfully logged on.
> Record 2: Subject
> Record 3: Security ID: S-1-0-0
>
> etc.
> etc
>
> I just would like to have all the message stored in one record
>
> Do you have any idea how this could be achieved?
>
> Thanks!
> Mark
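An added example, not part of the original thread and not NXLog or Graylog code: a Python sketch that regroups the physical lines of such an export into one record per event and builds a GELF 1.1 payload from each. It assumes every event starts with the `{"<13-digit epoch ms>, <event id>, ` header and ends with `" "}` as in the sample above; the host value `archive-import` and the `_event_id`, `_result`, `_channel` and `_source` field names are placeholders chosen for illustration.

```python
import json
import re

# Header of an exported event as shown in the post: {"<epoch ms>, <event id>, "<result>", ...
HEADER = re.compile(r'^\{"(\d{13}), (\d+), "([^"]*)", "([^"]*)", "([^"]*)", "(.*)$')
# Constructed sample modelled on the record in the post (two events).
SAMPLE = '''{"1331892664000, 4624, "Success", "Security", "Microsoft-Windows-Security-Auditing", "An account was successfully logged on.

Subject:
 Security ID: S-1-0-0
 Logon ID: 0x0

Logon Type: 3" "}
{"1331892665000, 4634, "Success", "Security", "Microsoft-Windows-Security-Auditing", "An account was logged off." "}
'''

def reassemble(lines):
    """Group lines into one list per event; lines before the first header are dropped."""
    current = None
    for line in lines:
        if HEADER.match(line):
            if current is not None:
                yield current
            current = [line]          # a header line always starts a new event
        elif current is not None:
            current.append(line)      # continuation line, blank lines included
    if current is not None:
        yield current                 # last event, even if its terminator is missing

def to_gelf(record, host="archive-import"):
    """Build a GELF 1.1 dict; host and the _-prefixed field names are placeholders."""
    ts, event_id, result, channel, source, first = HEADER.match(record[0]).groups()
    body = "\n".join([first] + record[1:])
    body = re.sub(r'"\s*"\}\s*$', "", body)   # strip the trailing '" "}' terminator
    return {
        "version": "1.1", "host": host,
        "short_message": body.split("\n", 1)[0],
        "full_message": body,
        "timestamp": int(ts) / 1000.0,        # GELF expects seconds since the epoch
        "_event_id": int(event_id), "_result": result,
        "_channel": channel, "_source": source,
    }

def convert(text):
    return [to_gelf(r) for r in reassemble(text.splitlines())]

if __name__ == "__main__":
    for msg in convert(SAMPLE):
        print(json.dumps(msg))
```

Keying on the header line rather than on the terminator means a truncated final event is still emitted as one record instead of being lost.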