We are evaluating some options/products for sending Windows event and
other logs to our
syslog-ng servers. When running the Windows syslog-ng agent, we are
seeing 2 issues:
- Multiple events per line are being generated from the windows agent,
lines are terminated,
and continued on the next line. We would like to see one event per line.
- We are seeing most lines contain a chunk of HEX characters
(<EF><BB><BF>) that are
aparently UTF-8 byte order marks.
Has anyone experienced this with logs generated from the syslog-ng
windows agent, and is
there a way to filter these out? We are running a pretty old
syslog-ng (1.6.7) on our collector,
so perhaps this might be the issue?
other logs to our
syslog-ng servers. When running the Windows syslog-ng agent, we are
seeing 2 issues:
- Multiple events per line are being generated from the windows agent,
lines are terminated,
and continued on the next line. We would like to see one event per line.
- We are seeing most lines contain a chunk of HEX characters
(<EF><BB><BF>) that are
aparently UTF-8 byte order marks.
Has anyone experienced this with logs generated from the syslog-ng
windows agent, and is
there a way to filter these out? We are running a pretty old
syslog-ng (1.6.7) on our collector,
so perhaps this might be the issue?
Any ideas would be welcome...
thanks!
-pat.
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
[ reply ]