Starting from EventReporter 7, enhanced formatting is supported. The downside of this is that things are a bit more complicated than in previous versions. If you would like to receive the previous message format, you can do either of two things:
1. Uncheck the “Use Legacy Format” checkbox inside the EventLogMonitor’s advanced options (Figure1, by default this is already unchecked), then configure the message field in the forward syslog action (Figure2) as follows:
- %severity% %timereported:::uxTimeStamp%: %user%/%source%/%sourceproc% (%id%) – “%msg%”
2. Check the “Use Legacy Format” checkbox (Figure1) and simply configure the message field in the forward syslog action (Figure2) by typing in:
- %msg% (Please note that the “Process message while relaying” option must be checked)
Please note: when you are using the first variant, the eventcounter will not be displayed!
Some pictures for better visualisation:
Figure1: EventLogMonitor Service
Figure2: Forward Syslog Action
If you are happy with the previous format and do not anticipate any need to have full access to individual properties, option 2 is probably the best to use. If you are interested in the properties (e.g. to send email messages different in format from syslog messages), you should go for option 1.
Full details on the properties available can also be found in the manual under “property replacer”. Please note that once you set the event log monitor to legacy format, you can NOT remove the extra information inside the msg property.