I'm trying to ws_ftp logs that are xml formatted as such : xxxx data data xxxx 0 0 ip ip xxx ... with this configuration : define ROOT C:\Program Files\nxlog Module xm_gelf Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log Module xm_multiline HeaderLine /^/ EndLine /^/ Module xm_xml Module xm_json Module im_file File "PATH TO .XML" SavePos FALSE PollInterval 1 ReadFromLast FALSE InputType multiline $EventData = extract_xml("/log/entry"); if $EventData == "" { delete($EventData); } to_json(); Module om_file File "C:\\temp\\output_test.txt" Path in => out i can't get past this error : > ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.conf:34; couldn't parse statement at line 35, character 40 in C:\Program Files\nxlog\conf\nxlog.conf; function 'extract_xml()' does not exist or takes different arguments > ERROR module 'in' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:51 how can i get further?

Hello

The log is quite self-explanatory: function 'extract_xml()' does not exist. There is no such a function in NXLog. I'm not sure what exactly you are trying to do but you might try with:

<Exec> $EventData = to_xml; if $EventData =~ /(^$|^\s+$)/ drop(); </Exec>

This block should transfer the value of the $EventData field to XML and drop the $EventData field if it's empty....