On Thu, 29 Nov 2012, jdguingao wrote:
I want to mimic the standard Event log data that I can see in PhpLogcon. I
have borrowed a template from a user in rsyslog forum. Here is the link
<http://kb.monitorware.com/post20457.html#p20457> and I want to extract
this field
2012-11-30T02:41:46+08:00 CX-CDOWKSMIS003.ph.gbsorg.net MSWinEventLog 0
*Security * 491 Fri Nov 30 02:41:44 2012 4689
Microsoft-Windows-Security-Auditing PH\CX-CDOWKSMIS003$ N/A
Success Audit CX-CDOWKSMIS003.ph.gbsorg.net Process Termination
A process has exited. Subject: Security ID: S-1-5-18 Account Name:
CX-CDOWKSMIS003$ Account Domain: PH Logon ID: 0x3e7 Process
Information: Process ID: 0x1d50 Process Name:
C:\Windows\System32\SearchFilterHost.exe Exit Status: 0x0 265
(See bold letters) to be my message in Eventlog Type.
The bold letters are not getting through to me (either in my text mail reader or
my webmail reader).

Ok, looking at the post you are referring to, it is splitting the fields on tabs.
%msg:F:3% in a template says to put the third field from the message into this
spot.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
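To illustrate the tab-based field numbering described in the reply above, here is an added example (not from the thread and not rsyslog code) that emulates 1-based extraction in the style of `%msg:F:n%` and lists every field number, so the index that holds the event text can be picked for a template. The sample message is constructed from the event quoted in the thread with its description shortened; the tab positions, the helper names, and the assumption that the whole string starting at `MSWinEventLog` is what gets split are all assumptions, so field numbers on a real system depend on what rsyslog actually places in `msg`.

```python
# Added example: emulates tab-delimited, 1-based field extraction in the
# style of rsyslog's %msg:F:n%. This is an illustration, not rsyslog code.

# Constructed sample modelled on the event quoted in the thread. Where the
# tabs fall is an assumption (the archive flattened them to spaces), and the
# description text is shortened.
SAMPLE_FIELDS = [
    "MSWinEventLog", "0", "Security", "491", "Fri Nov 30 02:41:44 2012",
    "4689", "Microsoft-Windows-Security-Auditing", "PH\\CX-CDOWKSMIS003$",
    "N/A", "Success Audit", "CX-CDOWKSMIS003.ph.gbsorg.net",
    "Process Termination",
    "A process has exited. Subject: Security ID: S-1-5-18 Exit Status: 0x0",
    "265",
]
SAMPLE_MSG = "\t".join(SAMPLE_FIELDS)


def extract_field(msg, number, delimiter="\t"):
    """Return field `number` (counting from 1), or None if it does not exist."""
    if number < 1:
        return None
    parts = msg.split(delimiter)
    return parts[number - 1] if number <= len(parts) else None


def field_map(msg, delimiter="\t"):
    """Map each 1-based field number to its value, to choose template indexes."""
    return {i: v for i, v in enumerate(msg.split(delimiter), start=1)}


def find_field(msg, needle, delimiter="\t"):
    """Return the field numbers whose value contains `needle`."""
    return [i for i, v in field_map(msg, delimiter).items() if needle in v]


if __name__ == "__main__":
    # Print the index table a template author would consult.
    for num, value in field_map(SAMPLE_MSG).items():
        print(f"%msg:F:{num}%  ->  {value!r}")
```
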