What software are you using to send the Windows event data?

Can you show us an example of a log that's not working? (what the rawmsg looks like)

David Lang

On Tue, 4 May 2021, James Ward-Smith via rsyslog wrote:
Hi,

We are using a custom syslog header to parse Windows Events into syslog format, but it does not seem to be picking up the structured data. In our custom syslog header, we have referenced %syslogstructdata% and we are trying to set a property so that syslogstructdata is equal to the structured XML of the windows event. We are unable to get this to come through and can only get it if we use logpoint SIEM JSON format.

Kind regards,
James

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

