Hi
Receiving the following log:
2023-03-06T12:30:19+00:00 mycomputer windows/windows: {
"event_id":"7036","event_number":"23135", "eventlog":"System",
"source":"Service Control Manager", "source_message":"Windows module
instaler entered in state "*stopped*".","category_id":"0","category":"",
"computer":"mycomputer", "computer_ip":"192.168.0.2", "user":"" }
json parsing fails as it contains unescaped " (enclosing stopped)
Same happens when message contains unescaped \, like in domain\account
hoy could I escape the colons or backslashes ?
So far I have tried:
set $!msg=replace($!msg,"\"","\\\"");
set $!source_message=replace($!source_message,"\"","\\\"");
set $!msg=replace($!msg!source_message,"\"","\\\"");
without any success.
Thanks
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Receiving the following log:
2023-03-06T12:30:19+00:00 mycomputer windows/windows: {
"event_id":"7036","event_number":"23135", "eventlog":"System",
"source":"Service Control Manager", "source_message":"Windows module
instaler entered in state "*stopped*".","category_id":"0","category":"",
"computer":"mycomputer", "computer_ip":"192.168.0.2", "user":"" }
json parsing fails as it contains unescaped " (enclosing stopped)
Same happens when message contains unescaped \, like in domain\account
hoy could I escape the colons or backslashes ?
So far I have tried:
set $!msg=replace($!msg,"\"","\\\"");
set $!source_message=replace($!source_message,"\"","\\\"");
set $!msg=replace($!msg!source_message,"\"","\\\"");
without any success.
Thanks
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.