Hi Fabio,
There is no direct support to automatically convert messages into LEEF
Format but usually we can build almost any format using our property engine.
In the past, I have created a ruleset for RSyslog Windows Agent, that
outputs a proper CEF Formatted message which looks very similar to LE

Hi,
try to define a new template (to see variables produced by mmnormalize) and
use it instead of RSYSLOG_DebugFormat:
template (name="json_w_eol" type="string" string="%$!all-json%\n")
file="/var/log/libvirt/qemu.log"
template="json_w_eol"
...
m.
On Tue, Oct 6, 2020 at 8:35 AM Wasil W. Siarg