Unable to send full event to syslog

Necus · January 16, 2020, 3:12pm

Hi,
I'm trying to send Windows logs through Windows Event Forwarder, through Winlogbeat and Logstash to syslog. (System1->System2 with Winlogbeat->Logstash->syslog). For some reason event which appear in syslog is cropped only to message field, no event fields, no winlog fields. The same event in Elasticsearch has all of the fields. Why output to syslog on Logstash cropped fields other than message?

Necus · January 22, 2020, 10:55am

Ok, simpler question then:
Is there a way to send a full log through Winlogbeat->Logstash->syslog or is it impossible?

Badger · January 22, 2020, 2:59pm

See the documentation

By default the contents of the message field will be shipped as the free-form message text part of the emitted syslog message. If your messages don’t have a message field or if you for some other reason want to change the emitted message, modify the message configuration option.

Necus · January 24, 2020, 11:38am

Ok, so there is a way
Did you see any tutorial that will help me to achieve my goal?

system · February 21, 2020, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Syslog Output only transferring the "message" field Logstash	15	649	March 15, 2024
Windows Event Log to Syslog server Beats winlogbeat	5	1803	April 23, 2018
Logstash syslog output message => %{_source} Logstash	2	603	April 30, 2019
Winlogbeat to syslog Beats winlogbeat	2	3204	January 11, 2017
Windows event fields parsing Logstash	3	448	July 30, 2019

Unable to send full event to syslog

Related topics