Require Windows Event log in Raw XML Format


Srijan
I am having trouble configuring NXLog Enterprise to forward Windows Event log in the original raw XML format that is shown in the XML View in the Details Tab. The required data is:

```
4624 2 Information Logon Info Audit Success 6733 Security Redacted01 NT AUTHORITY\SYSTEM Redacted01$ WORKGROUP 0x3e7 Redacted01\Redacted03 Redacted03 Redacted01 0x45b8d14 7 User32 Negotiate Redacted01 {00000000-0000-0000-0000-000000000000} - - 0 0x438 C:\Windows\System32\svchost.exe Redacted02 0 Impersonation - - - No 0x0 Yes
```

The data I am currently receiving is the information in the General Tab instead. I have applied the following configuration to convert the data in XML format:

```
define ROOT C:\Program Files\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension syslog>
    Module  xm_syslog
</Extension>

<Extension json>
    Module  xm_json
</Extension>

<Extension xml>
    Module  xm_xml
</Extension>

<Input in_win>
    Module  im_msvistalog
    # Only the Security channel is known from the event above; the other
    # two Select paths are placeholders to be replaced with real channel names.
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Security">*</Select>\
                    <Select Path="CHANNEL_2">*</Select>\
                    <Select Path="CHANNEL_3">*</Select>\
                </Query>\
            </QueryList>
    Exec    $Message = $EventXML; $log_type = $event_trace; to_xml();
</Input>

<Output out_win>
    Module  om_udp
    Host    192.168.108.201:514
</Output>

<Route r>
    Path    in_win => out_win
</Route>
```

However, I am not able to get the desired output. The data I am currently receiving is:

```
09 15 2022 03:53:34 192.168.115.4 2022-09-15 16:38:31SOCJH-04.cryptogennepal.com9232379236109516800AUDIT_SUCCESS2INFO4624Microsoft-Windows-Security-Auditing{54849625-5478-4994-A5BA-3E3B0328C30D}212544018992874811540SecurityLogonInfoS-1-5-18SOCJH-04$CGN0x3e7S-1-5-21-1983202128-2021996171-226450221-1105srijan.kafleCGN0x1e170ee7NegotiatNegotiateSOCJH-04{4eaf9196-9215-5425-4e8c-729f74b2f1ce}--00x2ecC:\Windows\System32\lsass.exe--%%1833---%%18430x0%%18432022-09-15 16:38:33in_winim_msvistalog
```

Requesting assistance/documentation to achieve the desired log format.
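For comparison, here is an added example configuration that is not part of the thread above and not the poster's own. It forwards the event exactly as the XML View renders it, instead of the to_xml() rendering of every parsed field (which is what the received output above shows, including the in_win and im_msvistalog source fields). It assumes NXLog Enterprise Edition, where im_msvistalog accepts the CaptureEventXML directive and populates the $EventXML field; whether that directive is available depends on the installed edition and version. The collector address and the Security/4624 filter are taken from the post; everything else is illustrative.

```nxlog
# Added example (not from the thread). Assumes NXLog Enterprise Edition,
# where im_msvistalog supports CaptureEventXML and the $EventXML field.
define ROOT C:\Program Files\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Input in_win>
    Module          im_msvistalog
    # Keep the raw event XML (the same text Event Viewer shows in XML View)
    # in $EventXML; without this the field is empty and to_xml() re-renders
    # the parsed fields instead.
    CaptureEventXML TRUE
    # Security channel, logon events only. Replace the XPath with "*" to
    # forward every Security event.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=4624)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Send the XML document itself as the record; to_xml() is not needed.
    Exec    $raw_event = $EventXML;
</Input>

<Output out_win>
    Module  om_udp
    Host    192.168.108.201:514
</Output>

<Route r>
    Path    in_win => out_win
</Route>
```

If the collector listening on UDP 514 expects a syslog header in front of the payload, load xm_syslog and replace the Exec line with `$Message = $EventXML; to_syslog_bsd();` so the XML becomes the syslog message body rather than the whole datagram. Either way, the easiest check is to point a temporary om_file output at the same route and confirm that each written line begins with `<Event xmlns=` before switching the destination to the SIEM.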