ESET Protect Cloud logs

Hi everyone,

I've been playing around with Logstash for days but still have not found a solution for this. My ESET console is configured to send syslog/BSD logs, but I am getting this odd character set in my Logstash instance. Could you shed some light on what I need to read or do in order to get readable logs? Thanks in advance.

2023-04-27T14:27:57.000Z {hostname=Application, ip=190.14.138.14} [916] svchost (2796,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
2023-04-27T08:47:58.473535200Z {ip=40.81.8.150} \u0016\u0003\u0001\u0000\xC9\u0001\u0000\u0000\xC5\u0003\u0003\x8EQ\xB7\xCDL\xD3r\x90nΏ\xFE\xA1\u0016\xBB\u001A\x80`&\u0016!\xD9S~8\xB7\u0003\x84}\x88(\xA8\u0000\u00008\xC0,\xC00\u0000\x9F̨̩̪\xC0+\xC0/\u0000\x9E\xC0$\xC0(\u0000k\xC0#\xC0'\u0000g\xC0\n
2023-04-27T08:47:58.495544700Z {ip=40.81.8.150} \xC0\u0014\u00009\xC0\t\xC0\u0013\u00003\u0000\x9D\u0000\x9C\u0000=\u0000<\u00005\u0000/\u0000\xFF\u0001\u0000\u0000d\u0000\u0000\u0000\u0012\u0000\u0010\u0000\u0000\r54.91.253.102\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n
2023-04-27T08:47:58.498536800Z {ip=40.81.8.150} 

This is my custom conf

input {
   syslog {
      port => 6514

   }
}


output {
   file {
      path => "C:\logstash\logs\file_name.log"
      codec => "line"
   }
}

I want to add a screen of the console in Windows with the error. I already tried to change the encoding to ISO-8859-1 but no luck.

input {
   syslog {
      port => 6514
      codec => plain {
         charset => "ISO-8859-1"
      }
   }
}

Is this your original message? Before logstash?
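
The unreadable events in the post begin with the bytes 16 03 01, which is the header of a TLS handshake record, so the sender is opening a TLS session against an input that is reading the stream as plaintext syslog. The Python check below is an added example, not part of the original thread: it classifies the first bytes received on a port as TLS or plaintext syslog, using the first 11 bytes of the 08:47:58.473 event transcribed from the post and a constructed syslog line. The function and sample names are hypothetical.

```python
import struct

# First 11 bytes of the 08:47:58.473 event in the post, unescaped from
# Logstash's \uXXXX / \xNN rendering (transcribed sample, not a live capture).
SAMPLE_FROM_POST = bytes.fromhex("16030100c9010000c50303")
# Constructed plaintext RFC 3164 line for comparison.
SAMPLE_SYSLOG = b"<134>Apr 27 14:27:57 host app[916]: test message\n"

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def classify_first_bytes(data: bytes) -> dict:
    """Classify the start of a TCP stream as TLS, plaintext syslog, or unknown."""
    # Plaintext syslog (RFC 3164/5424) starts with "<PRI>", PRI = 0..191.
    if data[:1] == b"<":
        end = data.find(b">", 1, 5)
        if end != -1 and data[1:end].isdigit() and int(data[1:end]) <= 191:
            return {"kind": "syslog", "pri": int(data[1:end])}
    # TLS record header: content type (1), version (2), length (2).
    if len(data) >= 5:
        ctype, version, length = struct.unpack("!BHH", data[:5])
        if ctype in TLS_CONTENT_TYPES and (version >> 8) == 0x03 and length <= 16384 + 2048:
            info = {"kind": "tls", "record": TLS_CONTENT_TYPES[ctype],
                    "record_version": VERSIONS.get(version, hex(version)),
                    "record_length": length}
            # Handshake header: type (1), length (3), then protocol version (2).
            if ctype == 22 and len(data) >= 11:
                info["handshake"] = HANDSHAKE_TYPES.get(data[5], str(data[5]))
                info["handshake_length"] = int.from_bytes(data[6:9], "big")
                hello_version = int.from_bytes(data[9:11], "big")
                info["hello_version"] = VERSIONS.get(hello_version, hex(hello_version))
            return info
    return {"kind": "unknown"}

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_FROM_POST))
    print(classify_first_bytes(SAMPLE_SYSLOG))
```

A "tls" result on a listener configured for plaintext means the sender and the input disagree on transport, which a charset change on the codec cannot fix.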
