Basic Setup
#1
NF_862205
Have created this simple agent to send agent logs to a central server.
Is it possible to bulk this and only send once per hour?
What requirements to use the same as agentless?
When I add a second agent, how does the NXlog server separate the logs?
I then want to forward all logs on NXlog server to SIEM or Elastic, how to forward? Possible to bulk this as well?
```
<Input syslog>
    Module  im_msvistalog
    # The QueryList is XML, so the XPath comparison operator has to be escaped (&lt;= instead of <=)
    <QueryXML>
        <QueryList>
            <Query Id='0'><Select Path='System'>*[System[(Level &lt;= 3)]]</Select></Query>
            <Query Id='1'><Select Path='Application'>*[System[(Level &lt;= 3)]]</Select></Query>
            <Query Id='2'><Select Path='Security'>*[System[(Level &lt;= 3)]]</Select></Query>
        </QueryList>
    </QueryXML>
</Input>

<Output forward>
    Module  om_tcp
    Host    x.x.x.x
    Port    1514
</Output>

#################### ROUTE ###########
<Route r>
    Path    syslog => forward
</Route>
```
Hello,
Answering your questions:
1. Yes, it would be possible, I suppose the `` block might do the job, but in this case, you'd most likely need to use some buffer file or something similar; generally, that's not a trivial case. It doesn't sound reasonable to send logs that rarely, perhaps you'd like to reconsider the idea?
2. I don't see a simple solution to make the same stuff agentless; probably you'd need some external tools.
3. NXLog isn't a server; each node sending data to the log collector (SIEM, anything else you use) should be easily identified as a unique log source.
4. One can forward logs using different approaches, just to mention, using protocols such as `tcp`, `udp` or `http`. The Community Edition supports several formats, for instance `JSON`, or `GELF`, which can be used directly to feed your Graylog instance. If you're interested in a bigger number of ready-to-use integrations, please take a look at what [Enterprise Edition](https://nxlog.co/documentation/nxlog-user-guide/integration.html) offers - I'm sure you're gonna find what you need there.
Regards,
Rafal
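As an added illustration of points 3 and 4 (this is not configuration from the original post or from NXLog's documentation), the agent config below reads the same three channels, keeps a disk buffer while the collector is unreachable, and ships one JSON record per line over TCP; each record carries the `$Hostname` field NXLog sets on every event, which is what lets the collector tell one agent from another. The collector address and port are placeholders, and the buffer sizes are assumed values to adjust to the host.

```conf
# Placeholder collector address and port (replace with the real values)
define COLLECTOR_HOST x.x.x.x
define COLLECTOR_PORT 1514

# xm_json provides to_json(), which serialises all event fields, $Hostname included
<Extension json>
    Module  xm_json
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # XPath operators must be XML-escaped inside QueryXML
    <QueryXML>
        <QueryList>
            <Query Id='0'><Select Path='System'>*[System[(Level &lt;= 3)]]</Select></Query>
            <Query Id='1'><Select Path='Application'>*[System[(Level &lt;= 3)]]</Select></Query>
            <Query Id='2'><Select Path='Security'>*[System[(Level &lt;= 3)]]</Select></Query>
        </QueryList>
    </QueryXML>
</Input>

# Disk-backed queue so events survive a collector outage instead of being dropped.
# Sizes are in KB and are assumed values; WarnLimit logs a warning before the queue fills.
<Processor buffer>
    Module    pm_buffer
    Type      Disk
    MaxSize   102400
    WarnLimit 51200
</Processor>

# Newline-delimited JSON over TCP; Elastic, Graylog and most SIEM collectors can ingest this directly
<Output forward>
    Module  om_tcp
    Host    %COLLECTOR_HOST%
    Port    %COLLECTOR_PORT%
    Exec    to_json();
</Output>

<Route r>
    Path    eventlog => buffer => forward
</Route>
```

The buffer only smooths outages; it does not batch events into hourly sends, which is the part the reply above describes as non-trivial.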