Back to your phpLogCon instanceHow do I eliminate the returns or line feed characters from events sent from my Windows servers to my Linux syslog server? When I upgraded EventReporter, I mostly accepted the defaults, and now I get those horrible ^M characters in my syslog messages file. If I move it over to my Windows PC, I get output that looks like Windows Event Viewer logs - exactly what I was trying to avoid by using EventReporter.
This is an example of an offending entry in the Linux messages file, viewed with vi:
Aug 14 04:12:34 myhost MYHOST EvntSLog: 9310: [AUS] Sun Aug 14 04:12:34 2005: NT AUTHORITY\SYSTEM/Security/MYHOST/Security (593) - "A process has exited:^M Process ID: 552^M User Name: MYHOST$^M Domain: PRINCETON^M Logon ID: (0x0,0x3E7)^M "
I want each record to be one line, so I can easily grep through it, without distracting carriage return characters.
I would also like to know what the field and record separators are in events so that I can parse them.
Thanks.
Catemaco
MonitorWare Knowledge Base
Your first source for knowledge
Formatting Windows events in syslog
Moderator: alorbach
5 posts • Page 1 of 1
by mmeckelein on Wed Aug 24, 2005 10:07 am
Catemaco,
Sounds strange. I have done a quick check with the latest version of EventReporter and a debian system and can't reproduce it.
Can you please forward us your configuration to support@adiscon.com
http://www.monitorware.com/en/supportcall.php
Please also tell us the following things:
- The exact EventReporter version
- What kind of linux system you are running
- What kind of syslog daemon you are running (e.g. syslog-ng, rsyslog,...)
Best regards,
Michael Meckelein
Adiscon
Sounds strange. I have done a quick check with the latest version of EventReporter and a debian system and can't reproduce it.
Can you please forward us your configuration to support@adiscon.com
http://www.monitorware.com/en/supportcall.php
Please also tell us the following things:
- The exact EventReporter version
- What kind of linux system you are running
- What kind of syslog daemon you are running (e.g. syslog-ng, rsyslog,...)
Best regards,
Michael Meckelein
Adiscon
- mmeckelein
- Adiscon Support
- Posts: 167
- Joined: Wed Mar 12, 2003 12:07 pm
Re: Formatting Windows events in syslog
by Catemaco on Wed Oct 05, 2005 2:52 pm
I think the syslog version is irrelevant. Clearly, it is EventReporter that is sending the carriage returns from Windows without changing them to some other field delimiter. This didn't happen with my earlier version of EventReporter.
I'm sending my configuration file, etc. by email.
I'm sending my configuration file, etc. by email.
- Catemaco
by mmeckelein on Wed Oct 05, 2005 3:05 pm
I have not received your configuration until now, maybe it is on the way. Can you please check the following in your Event Log Monitor:
In Advanced Options, if 'Compress Control Characters' is enabled.
Maybe this will do the trick.
Best regards,
Michael Meckelein
Adiscon
In Advanced Options, if 'Compress Control Characters' is enabled.
Maybe this will do the trick.
Best regards,
Michael Meckelein
Adiscon
- mmeckelein
- Adiscon Support
- Posts: 167
- Joined: Wed Mar 12, 2003 12:07 pm
by rgerhards on Wed Oct 05, 2005 4:41 pm
Actually, this was a bug in the configuration program. The option should have read "Compress Spaces and Remove Control Characters". I have filed a bug report and made sure this will be fixed with the next update. Sorry for any inconvenience this has caused (the original question is already solved via private mail, but I thought I post this for the benefit of others watching this thread).
Rainer Gerhards
Adiscon
Rainer Gerhards
Adiscon
-
rgerhards - Site Admin
- Posts: 1282
- Joined: Thu Feb 13, 2003 11:57 am
Google Ads
5 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
