Read from multiple folders with multiple files with .evtx

#1 Anbers
Hi all! Actually I have this config on a server to get Windows events and send them to Graylog:

# Note: the forum stripped the angle-bracket block tags and the XML inside Query;
# the block structure below is restored, and the block names and the three
# Select Path values are taken from the stock nxlog.conf sample (assumed).
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#<Extension syslog>
#    Module xm_syslog
#</Extension>

<Extension gelf>
    Module xm_gelf
</Extension>

#<Extension json>
#    Module xm_json
#</Extension>

<Input in1>
    Module im_msvistalog
    # Uncomment the following to collect specific event logs only
    Query <QueryList> \
            <Query Id="0"> \
                <Select Path="Application">*</Select> \
                <Select Path="System">*</Select> \
                <Select Path="Security">*</Select> \
            </Query> \
          </QueryList>
    # Drop Security events whose object name matches the pattern
    Exec if $Channel == 'Security' and $ObjectName =~ /.tmp/ drop();
</Input>

<Output out>
    Module om_udp
    Host 11x.11x.11x.11x
    Port 12201
    #Exec to_syslog_snare();
    OutputType GELF
</Output>

<Route 1>
    Path in1 => out
</Route>

But I want to know if there is any method to read a lot of .evtx files in a folder and send them to Graylog. I need help with this because I don't know what the best "input module" for this is. Thanks!
#2 manuel.munoz (Deactivated, NXLog ✓)

I think that is not possible. In order to read .evtx files you would need to use the File parameter in the im_msvistalog module, which unfortunately is only available in the Enterprise version.
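To make the two ingestion paths concrete, here is an added example configuration (written for this page, not posted by either participant and not taken from NXLog's own documentation). It keeps the poster's GELF-over-UDP output and adds a second im_msvistalog input that reads saved event log files with the File directive the reply refers to, which requires NXLog Enterprise Edition. The directory C:\evtx-archive, the input and route names, wildcard support in File, and the ReadFromLast behaviour for file input are assumptions to check against the documentation of the installed version. The drop filter is also anchored as /\.tmp$/ so that it matches only a literal ".tmp" suffix; the original /.tmp/ matches "tmp" preceded by any character anywhere in the name.

```conf
# Added example config; assumes NXLog Enterprise Edition for the File directive.
define ROOT C:\Program Files\nxlog
# Assumed folder holding exported .evtx files
define EVTX_DIR C:\evtx-archive

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension gelf>
    Module xm_gelf
</Extension>

# Live collection from the local event log (available in the Community Edition)
<Input live>
    Module im_msvistalog
    # Anchored pattern: only object names ending in ".tmp" are dropped
    Exec if $Channel == 'Security' and $ObjectName =~ /\.tmp$/ drop();
    # Custom field; xm_gelf emits it as "_evtx_source" so Graylog can filter on it
    Exec $evtx_source = "live";
</Input>

# Offline collection from saved .evtx files (Enterprise Edition only)
<Input archive>
    Module im_msvistalog
    # Wildcard in File is assumed; adjust if the installed version needs one path per input
    File %EVTX_DIR%\*.evtx
    # Read each file from the beginning rather than only new records (assumed directive)
    ReadFromLast FALSE
    Exec if $Channel == 'Security' and $ObjectName =~ /\.tmp$/ drop();
    Exec $evtx_source = "archive";
</Input>

<Output graylog>
    Module om_udp
    Host 11x.11x.11x.11x
    Port 12201
    OutputType GELF
</Output>

<Route r1>
    # Both inputs feed the same Graylog GELF UDP input
    Path live, archive => graylog
</Route>
```

The Graylog side needs a GELF UDP input listening on port 12201 for this to work. Because UDP gives no delivery feedback, a large backfill of archived files can silently lose records under load; if loss matters, switch the output to om_tcp with OutputType GELF_TCP against a GELF TCP input instead, and verify the record count per source file in Graylog using the _evtx_source field.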