NXLog agent not collecting Windows Security events from Forwarded Events


jilin

Hi

We are not receiving the Windows Security logs via the NXLog agent. We noticed in nxlog.log that it successfully connected to the destination IP and port:

2023-04-12 08:18:57 INFO [CORE|main] nxlog-5.7.7898 (68bb24e7e@REL_v5.7) started on Windows
2023-04-12 08:18:57 INFO [om_udp|syslogout] connecting to 10.129.5.20:521
2023-04-12 08:18:57 INFO [om_udp|syslogout] successfully connected to 10.129.5.20:521

nxlog.conf configuration:

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
define ROOT C:\Program Files (x86)\nxlog

define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension syslog>
    Module xm_syslog
</Extension>

# Reads only the ForwardedEvents channel (the WEF collector log), all events.
<Input eventlog>
    Module im_msvistalog
#   ReadFromLast True
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="ForwardedEvents">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# OutputFormat is commented out, so this processor currently passes events through unchanged.
<Processor eventlog_transformer>
    Module pm_transformer
#   OutputFormat syslog_rfc5424
</Processor>

# Defined but not referenced in the Route below, so it is not in the data path.
<Processor buffer>
    Module pm_buffer
    # 100 MB disk buffer
    MaxSize 102400
    Type disk
</Processor>

######################## OUTPUTS ##########################
<Output syslogout>
    Module om_udp
    Host 10.129.5.20:521
    ######################## PUTS EVENT IN IETF FORMAT ############
    Exec to_syslog_snare();
</Output>

<Route 1>
    Path eventlog => eventlog_transformer => syslogout
</Route>

Note: we are using NXLog agent version 5.7.7898, and the Security events are present in Forwarded Events.
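Before changing the configuration above, it is worth confirming on the collector host that the ForwardedEvents channel really holds Security events, that the account the nxlog service runs as is allowed to read that channel, and that the configuration file parses. The PowerShell below is an added example, not part of the original post or of NXLog's own tooling; the service name `nxlog`, the install path under `Program Files (x86)`, and the `conf\nxlog.conf` / `data\nxlog.log` locations are assumptions taken from the posted config, and the channel-ACL check inspects the SDDL rather than testing access as the service account itself.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# on the Windows Event Collector host where the NXLog agent is installed.
# Assumed: service name 'nxlog', install root under Program Files (x86).
$ErrorActionPreference = 'Stop'

# 1. Does ForwardedEvents currently contain Security events at all?
#    Forwarded events keep their original provider, so filter on the
#    Security auditing provider rather than on LogName='Security'.
$recent = Get-WinEvent -FilterHashtable @{
    LogName      = 'ForwardedEvents'
    ProviderName = 'Microsoft-Windows-Security-Auditing'
} -MaxEvents 5 -ErrorAction SilentlyContinue
"Security events visible in ForwardedEvents (as current user): $(@($recent).Count)"
$recent | Select-Object TimeCreated, Id, MachineName | Format-Table -AutoSize

# 2. Which account runs the nxlog service? im_msvistalog reads the channel as
#    that account, not as the user running this script.
$svc = Get-CimInstance Win32_Service -Filter "Name='nxlog'"
"nxlog service: state=$($svc.State) account=$($svc.StartName)"

#    Channel state and ACL. 'enabled' must be true and the channelAccess SDDL
#    must grant read access to the service account (or a group it belongs to).
wevtutil gl ForwardedEvents |
    Select-String -Pattern 'enabled', 'channelAccess', 'logFileName'

# 3. Validate nxlog.conf syntax without restarting the service (-v = verify).
$nxlogHome = Join-Path ${env:ProgramFiles(x86)} 'nxlog'
& (Join-Path $nxlogHome 'nxlog.exe') -v -c (Join-Path $nxlogHome 'conf\nxlog.conf')

# 4. Check the agent's own log for warnings or errors about the channel/query.
#    A "successfully connected" line for om_udp only proves the socket opened;
#    UDP gives no feedback on whether anything was actually received.
Get-Content (Join-Path $nxlogHome 'data\nxlog.log') -Tail 50 |
    Select-String -Pattern 'WARNING', 'ERROR', 'im_msvistalog', 'ForwardedEvents'
```

If step 1 returns events but the nxlog.log shows access or query errors from `im_msvistalog`, the channel ACL or service account from step 2 is the first thing to compare against the SDDL; if step 1 itself returns nothing, the problem is upstream of NXLog in the event forwarding subscription rather than in this agent configuration.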