I want to mimic the standard Event log data that I can see in PhpLogcon. I have borrowed a template from a user in the rsyslog forum. Here is the link: http://kb.monitorware.com/post20457.html#p20457 and I want to extract this field:

    2012-11-30T02:41:46+08:00 CX-CDOWKSMIS003.ph.gbsorg.net MSWinEventLog 0 *Security * 491 Fri Nov 30 02:41:44 2012 4689 Microsoft-Windows-Security-Auditing PH\CX-CDOWKSMIS003$ N/A Success Audit CX-CDOWKSMIS003.ph.gbsorg.net Process Termination A process has exited. Subject: Security ID: S-1-5-18 Account Name: CX-CDOWKSMIS003$ Account Domain: PH Logon ID: 0x3e7 Process Information: Process ID: 0x1d50 Process Name: C:\Windows\System32\SearchFilterHost.exe Exit Status: 0x0 265

(See bold letters) to be my message in Eventlog Type.

--
View this message in context: http://rsyslog-rsyslog-users.1305293.n2.nabble.com/Please-help-with-Snare-Format-tp7579234p7579236.html
Sent from the rsyslog -- rsyslog-users mailing list archive at Nabble.com.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
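The Snare agent separates the Windows event fields with tab characters, which the list archive has collapsed into spaces; that is why the "Security" field above looks like just another word. The parser below is an added example (not from the original post, the linked template, or the rsyslog project) that restores the tabs in a constructed copy of the quoted line and splits it into named fields, so the log name ("Security"), the event ID and the message body can be picked out for a PhpLogcon-style view. The field names are my own labels based on the order the Snare-format line shows (hypothetical, not an official schema), and the function refuses lines whose tabs were already lost, since those cannot be split safely.

```python
import re
from typing import Dict

# Constructed sample: the line quoted in the post with the Snare tab separators
# restored. It is built here for the example, not captured from a real host.
SAMPLE = (
    "2012-11-30T02:41:46+08:00 CX-CDOWKSMIS003.ph.gbsorg.net "
    "MSWinEventLog\t0\tSecurity\t491\tFri Nov 30 02:41:44 2012\t4689\t"
    "Microsoft-Windows-Security-Auditing\tPH\\CX-CDOWKSMIS003$\tN/A\tSuccess Audit\t"
    "CX-CDOWKSMIS003.ph.gbsorg.net\tProcess Termination\t"
    "A process has exited. Subject: Security ID: S-1-5-18 Account Name: CX-CDOWKSMIS003$ "
    "Account Domain: PH Logon ID: 0x3e7 Process Information: Process ID: 0x1d50 "
    "Process Name: C:\\Windows\\System32\\SearchFilterHost.exe Exit Status: 0x0\t265"
)

# Assumed field names, in the order the tab-separated fields appear after the
# "MSWinEventLog" tag in the quoted line. These labels are mine, not Snare's.
FIELDS = [
    "Criticality", "LogName", "SnareCounter", "DateTime", "EventID",
    "Provider", "UserName", "SIDType", "EventLogType", "ComputerName",
    "Category", "Message", "Trailer",
]

SNARE_TAG = "MSWinEventLog"


def parse_snare(line: str) -> Dict[str, str]:
    """Split one syslog line carrying a Snare-format Windows event into fields.

    Raises ValueError if the Snare tag is missing or the tab structure is gone
    (for example after being pasted into a mail archive), because splitting on
    spaces would cut the multi-word fields and the message body apart.
    """
    header, tag, body = line.partition(SNARE_TAG)
    if not tag:
        raise ValueError("no MSWinEventLog tag in line")
    if "\t" not in body:
        raise ValueError("tab separators missing; line cannot be split reliably")

    # The body starts with the tab that follows the tag, so drop the empty lead.
    parts = body.split("\t")[1:]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")

    header_tokens = header.split()
    if len(header_tokens) < 2:
        raise ValueError("syslog header lacks timestamp and hostname")

    record = {"Timestamp": header_tokens[0], "SyslogHost": header_tokens[1]}
    record.update(zip(FIELDS, (p.strip() for p in parts)))
    return record


def eventlog_type(line: str) -> str:
    """Return the Windows log name (the field emphasised in the post)."""
    return parse_snare(line)["LogName"]


# Matches "Process Name: <path>" inside the free-text message body.
_PROCESS_NAME = re.compile(r"Process Name:\s*(\S+)")


def process_name(line: str) -> str:
    """Pull the executable path out of the message body, or '' if absent."""
    match = _PROCESS_NAME.search(parse_snare(line)["Message"])
    return match.group(1) if match else ""


if __name__ == "__main__":
    for key, value in parse_snare(SAMPLE).items():
        print(f"{key:14} {value}")
```

If your rsyslog input already has the tabs intact, the same field order is what a property-based template has to index into; the parser's length check is the quickest way to confirm an agent's line really has the expected number of fields before trusting a position-based extraction.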