Hi everyone,
I'm trying to set up a logging system for Windows. On the Windows side I use Snare to send events to an rsyslog server that's already up and running.
My problem is with the property replacer. I configured extraction based on fields for the MSG part. The problem I faced is that the delimiter character (Tab, 0x09) is not stripped; that means that each value that is inserted in the database has that delimiter character at the end.
Is there something I did wrong in my statement, or is it a bug? If so, is there a quick solution?
I use rsyslog-1.12.2 on Debian with MySQL 4.0.
The config:
$template winlog,"insert into winlog(received, logname, zeit, ereignis, quelle, benutzer, art, computer, kategorie, inhalt) values ('%timegenerated:::date-mysql%', '%syslogtag:F:3%', '%timereported:::date-mysql%', '%msg:F:2%', '%msg:F:3%', '%msg:F:4%', '%msg:F:6%', '%msg:F:7%', '%msg:F:8%', '%msg:F:10%' )",
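
The field mapping from the template above, emulated in Python as an added example (not part of the original post and not rsyslog's code). It assumes fields are numbered from 1 and split on Tab; the sample message and the helper names are constructed for illustration. It contrasts clean extraction with the reported symptom and lists which columns would carry a trailing delimiter.

```python
# Added example: emulates field-based extraction (%msg:F:n%) for the posted template.
# SAMPLE_MSG is constructed test data, not real Snare output.

# msg field number -> winlog column, as used in the template in the post
FIELD_MAP = {2: "ereignis", 3: "quelle", 4: "benutzer", 6: "art",
             7: "computer", 8: "kategorie", 10: "inhalt"}

def extract_field(msg, n, delim="\t"):
    """Return field n (1-based) without any delimiter, or None if absent."""
    parts = msg.split(delim)
    return parts[n - 1] if 1 <= n <= len(parts) else None

def extract_field_keep_delim(msg, n, delim="\t"):
    """Reproduce the reported symptom: the delimiter ending the field is kept."""
    parts = msg.split(delim)
    if not 1 <= n <= len(parts):
        return None
    # Every field except the last one is followed by a delimiter in the input.
    return parts[n - 1] + (delim if n < len(parts) else "")

def build_row(msg, extractor=extract_field):
    """Map the message fields to the winlog columns named in the template."""
    return {col: extractor(msg, n) for n, col in FIELD_MAP.items()}

def dirty_columns(row, delim="\t"):
    """Columns whose value still ends with the delimiter character."""
    return sorted(c for c, v in row.items()
                  if v is not None and v.endswith(delim))

# Constructed ten-field, tab-separated message (placeholder values).
SAMPLE_MSG = "\t".join([
    "f1", "592", "Security", "EXAMPLE\\user", "f5", "Success Audit",
    "HOST01", "Detailed Tracking", "f9", "A new process has been created",
])

if __name__ == "__main__":
    print("clean row:", build_row(SAMPLE_MSG))
    bad = build_row(SAMPLE_MSG, extract_field_keep_delim)
    print("columns with trailing Tab:", dirty_columns(bad))
```

Running `dirty_columns` over rows read back from the `winlog` table shows the same thing for data that has already been inserted.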

