Hi, everyone. I haven’t overcome the problem above. Could anyone please share idea of ; -The possible methods of determining the root cause of the problem -The possible methods of overcoming this problem As soon as you can, please! Thank you.

<The problem> When sending event logs from NXlog, a certain event log has never been sent to the windows log collection server. E.g. Event ID: 4624（Successful Logon）->Has not been sent Event ID: 4634（Logout）->have been sent

<The methods already tested > 1.Debugging; The following debug log was configured in order to test that target event log (ID: 4624) was recognized by NXlog.

Exec if ($EventID == 4624) log_info("EventID = 4624 | " + $EventID + " | " + $EventTime);

The test shows that the event log was recognized by NXlog, as it was output to NXlog as follows.

2021-05-14 19:22:17 INFO EventID = 4624 | 4624 | 2021-05-14 19:22:17

2. Explicit output of the target event log (ID4624); The test shows that the expected event log has not been sent, though the following event logs were sent after specified event logs explicitly.

　　#In Windows Event Log (Event ID：4624 or 4625) 　　<Input In_eventlog_logon> 　　Module im_msvistalog Exec if ($EventID == 5156) drop(); Exec if ($EventID == 4624) log_info("EventID = 4624 | " + $EventID + " | " + $EventTime + " | " + $Hostname); 　 <QueryXML> <QueryList> <Query Id='0'> <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select> </Query> </QueryList> </QueryXML> </Input>