Hi, I install NXLog Enterprise Edition v5 trial And try to filter out events before send to SIEM. I can get some events and see SIEM side. But when I create fake event , cannot see all. What I want? I want to forward Windows server APP, SEC ve SYS logs that have only WARNING,ERROR and CRITICAL levels in CEF format Is that config part correct? Module xm_syslog Module xm_cef Module im_msvistalog # For windows 2003 and earlier use the following: # Module im_mseventlog # Channel Security *[System/Level<4] *[System/Level<4] *[System/Level<4]