So I'm trying to accomplish the following:
I want the "MessageText" to appear in one, constant line of text instead of it being indented with tabs and enters for the subject, group and process information. Is it possible to achieve this? I've tried messing around with the logging formats and even creating my own, but no dice.
I tried searching around but couldn't manage to find much about it. Can anyone help me out with this?
Currently an example syslog I've received:
'6/27/2019','1:55:12 PM','6/27/2019 1:55:12 PM','639','+0200','Kernel','Notice','Kernel.Notice','192.168.100.130','192.168.100.130','UDP','Jun 27 13:24:15 WIN-RDSGFDFGDFG MSWinEventLog 5 Security 41 Thu Jun 27 13:24:11 2019 4799 Microsoft-Windows-Security-Auditing N/A Audit Success WIN-RSDFSDFSDF 13826 A security-enabled local group membership was enumerated.
Subject:
Security ID: S-x-x-xx
Account Name: WIN-SDFSDFSDFSDF
Account Domain: WORK
Logon ID: 0x3E7
Group:
Security ID: S-x-x-xx-xxx
Group Name: Backup Operators
Group Domain: Builtin
Process Information:
Process ID: 0xxxxxxxx
Process Name: C:\Windows\System32\sdgdfsgdfg.exe'
I want the 3 paragraphs at the end (subject, group and process information) to be pasted to the end of the first line of text, with its spaces and tabs instead of it continuing on the next line. Is this even possible to achieve?
'6/27/2019','1:55:12 PM','6/27/2019 1:55:12 PM','639','+0200','Kernel','Notice','Kernel.Notice','192.168.178.130','192.168.178.130','UDP','Jun 27 13:24:15 WIN-ROBKHFCU8AS MSWinEventLog 5 Security 41 Thu Jun 27 13:24:11 2019 4799 Microsoft-Windows-Security-Auditing N/A Audit Success WIN-ROBKHFCU8AS 13826 A security-enabled local group membership was enumerated.
Subject:
Security ID: S-1-5-18
Account Name: WIN-ROBKHFCU8AS$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Process Information:
Process ID: 0x1084
Process Name: C:\Windows\System32\VSSVC.exe'
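
One way to get one event per line is to post-process the log file after the syslog server has written it. The following is an added example, not part of the original post and not a feature of any syslog product; it assumes every record starts with the quoted date field seen in the samples above, and the names `RECORD_START`, `flatten_records`, `flatten_text` and the sample data are hypothetical.

```python
import re

# Assumption: a new record always begins with a quoted M/D/YYYY date field,
# as in the samples in the post.
RECORD_START = re.compile(r"^'\d{1,2}/\d{1,2}/\d{4}','")

def flatten_records(lines, joiner=" "):
    """Yield one string per event; continuation lines are appended to the
    record they belong to, keeping their own tabs and spaces."""
    current = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if RECORD_START.match(line):
            if current is not None:
                yield current
            current = line
        elif current is None:
            if line.strip():
                yield line  # orphan line before any record: pass through, never drop log data
        elif line.strip():
            current += joiner + line
    if current is not None:
        yield current

def flatten_text(text, joiner=" "):
    return list(flatten_records(text.splitlines(True), joiner))

# Constructed sample (shortened, placeholder host and address), CRLF line endings.
SAMPLE = "\r\n".join([
    "'6/27/2019','1:55:12 PM','Kernel.Notice','192.0.2.10','UDP','Jun 27 13:24:15 HOST-A "
    "MSWinEventLog 5 Security 41 4799 A security-enabled local group membership was enumerated.",
    "Subject:",
    "\tSecurity ID:\tS-x-x-xx",
    "\tAccount Name:\tHOST-A$",
    "Group:",
    "\tGroup Name:\tBackup Operators",
    "Process Information:",
    "\tProcess Name:\tC:\\Windows\\System32\\example.exe'",
    "'6/27/2019','1:55:13 PM','Kernel.Notice','192.0.2.10','UDP','Jun 27 13:24:16 HOST-A single-line event'",
]) + "\r\n"

if __name__ == "__main__":
    for row in flatten_text(SAMPLE):
        print(row)
```

A message body line that itself starts with text matching the record-start pattern would be treated as a new record, so check the pattern against your own log format before relying on the output for alerting.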