UNPKG

nsyslog

Version:

Modular new generation log agent. Reads, transform, aggregate, correlate and send logs from sources to destinations

github.com/solzimer/nsyslog

solzimer/nsyslog

57 lines (49 loc) 1.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
## Windows Event Log Parser Processor The Windows Event Log Parser Processor parses Windows Event Log XML messages into structured JSON objects. It remaps fields for easier processing. ## Examples ### Example 1: Parse a Windows Event Log message #### Configuration ```json "processors": { "winevtParser": { "type": "winevtparser", "config": { "input": "${originalMessage}", "output": "eventData" } } } ``` #### Input ```json { "originalMessage": "<Event><System><TimeCreated SystemTime=\"2023-03-15T10:00:00Z\"/><EventID Qualifiers=\"0\">4624</EventID></System><EventData><Data Name=\"TargetUserName\">JohnDoe</Data><Data Name=\"TargetDomainName\">DOMAIN</Data></EventData></Event>" } ``` #### Output ```json { "originalMessage": "<Event><System><TimeCreated SystemTime=\"2023-03-15T10:00:00Z\"/><EventID Qualifiers=\"0\">4624</EventID></System><EventData><Data Name=\"TargetUserName\">JohnDoe</Data><Data Name=\"TargetDomainName\">DOMAIN</Data></EventData></Event>", "eventData": { "Event": { "System": { "TimeCreated": { "SystemTime": "2023-03-15T10:00:00Z" }, "EventID": 4624, "Qualifiers": "0" }, "EventData": { "Data": { "TargetUserName": "JohnDoe", "TargetDomainName": "DOMAIN" } } } } } ``` --- ## Configuration Parameters * **input**: Expression to extract the XML message (default: `${originalMessage}`). * **output**: Field to store the parsed JSON object.