im_file - parse if file is newer than X days (or fixed date)
kumdabur
Hi,
I'm testing nxlog with IIS servers. It works; however, I have the following issue:
If a server has had IIS for years and, let's assume, logs were stored for 1 year, I have a bunch of IIS logfiles which, all together combined, result in around 5 GB of data.
While using nxlog as it is, it consumes CPU and also the SIEM itself is not entirely happy about receiving a sudden "bombarding" of new logs within a few minutes' timeframe. Unfortunately, I have around 50 servers like that and I really do not need to inject past logs.
I wonder if there is an option to either throttle nxlog a bit or, in the best case, I'd like to send ONLY new IIS logs, even starting from exactly today. Below you may find part of the config:
>
> Module im_file
> File 'C:\inetpub\logs\LogFiles\W3SVC*\u_ex*.log'
> ReadFromLast FALSE
> Recursive TRUE
> PollInterval 1
> Exec $FileName = file_name();
> Exec if $raw_event =~ /^#/ drop();\
>     else\
>     {\
>         w3c_1->parse_csv();\
>         $SourceName = "IIS";\
>     }
>
I'd appreciate any hints.
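The selection rule the question asks for ("newer than X days, or a fixed date, or only from today") can be worked out from the IIS file names alone, because IIS names its daily W3C logs u_exYYMMDD.log, which is exactly the pattern the quoted im_file File directive matches. The following is an added example, not the poster's config and not nxlog's own code: a small Python model of that decision, so the cutoff logic can be checked against sample file names before it is encoded in the collector configuration. All names (`log_date_from_name`, `cutoff_date`, `select_files`) and the sample listing are constructed for the example.

```python
import re
from datetime import date, timedelta
from typing import Iterable, List, Optional, Tuple

# IIS daily W3C logs are named u_exYYMMDD.log, e.g. u_ex240315.log for 2024-03-15.
# Assumption: the default daily rollover; hourly/weekly/monthly rollover uses other names.
IIS_DAILY_NAME = re.compile(r"u_ex(\d{2})(\d{2})(\d{2})\.log$", re.IGNORECASE)

# Constructed sample listing for the demonstration (not from a real server).
SAMPLE_PATHS = [
    r"C:\inetpub\logs\LogFiles\W3SVC1\u_ex230101.log",  # a year old
    r"C:\inetpub\logs\LogFiles\W3SVC1\u_ex240301.log",  # two weeks old
    r"C:\inetpub\logs\LogFiles\W3SVC2\u_ex240310.log",  # five days old
    r"C:\inetpub\logs\LogFiles\W3SVC2\u_ex240315.log",  # today's log
    r"C:\inetpub\logs\LogFiles\W3SVC2\u_ex241399.log",  # looks right, not a date
    r"C:\inetpub\logs\LogFiles\W3SVC2\other.log",       # no date in the name
]
TODAY = date(2024, 3, 15)            # fixed "today" so the example is reproducible
FIXED_START_EXAMPLE = date(2024, 3, 12)


def log_date_from_name(path: str) -> Optional[date]:
    """Recover the day an IIS daily log covers from its file name.

    Returns None when the name does not follow u_exYYMMDD.log or encodes an
    impossible date, so the caller can treat it as 'unknown' rather than 'old'."""
    match = IIS_DAILY_NAME.search(path)
    if not match:
        return None
    yy, mm, dd = (int(part) for part in match.groups())
    try:
        return date(2000 + yy, mm, dd)
    except ValueError:  # e.g. u_ex241399.log: matches the pattern but is not a date
        return None


def cutoff_date(today: date, max_age_days: Optional[int] = None,
                fixed_start: Optional[date] = None) -> date:
    """Oldest log day that should still be forwarded.

    max_age_days expresses the 'newer than X days' rule, fixed_start the 'fixed
    date' rule. With both, the later (stricter) date wins; with neither, only
    today's log is kept, which is the 'starting from exactly today' case."""
    rules = []
    if max_age_days is not None:
        rules.append(today - timedelta(days=max_age_days))
    if fixed_start is not None:
        rules.append(fixed_start)
    return max(rules) if rules else today


def select_files(paths: Iterable[str], today: date,
                 max_age_days: Optional[int] = None,
                 fixed_start: Optional[date] = None) -> Tuple[List[str], List[str]]:
    """Split paths into (forward, unparseable).

    Files dated on or after the cutoff are forwarded, older ones are skipped, and
    names that carry no usable date are reported separately instead of being
    silently dropped, so the operator decides what happens to them."""
    cutoff = cutoff_date(today, max_age_days, fixed_start)
    forward, unparseable = [], []
    for path in paths:
        day = log_date_from_name(path)
        if day is None:
            unparseable.append(path)
        elif day >= cutoff:
            forward.append(path)
    return forward, unparseable


if __name__ == "__main__":
    keep, unknown = select_files(SAMPLE_PATHS, TODAY, max_age_days=7)
    print("cutoff:", cutoff_date(TODAY, max_age_days=7))
    print("forward:", keep)
    print("needs a look:", unknown)
```

With a 7-day window and the fixed "today" above the cutoff is 2024-03-08, so only the two most recent sample files are forwarded; the two names without a usable date come back in the second list. The same rule belongs in the collector at the point where the quoted config already sets `$FileName = file_name();`, i.e. before the header check and `parse_csv()`, so that lines from files older than the cutoff are dropped without being parsed or sent. Separately, the `ReadFromLast` directive already in the quoted config decides where reading starts inside files that exist at first start-up (`TRUE` starts at their end, `FALSE` re-reads them), not which files are picked up, so it addresses the "only from today" wish for the current file but not the backlog of older daily files.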