forwarding IIS logs


#1 bthx1138

Hi all, I'm using CE edition and sending logs to Taegis XDR, I've followed the instructions at this page:  Microsoft IIS (secureworks.com)

Configured IIS per these instructions: https://docs.ctpx.secureworks.com/integration/connectEndpoint/microsoft_iis_connect/#configuring-microsoft-iis-logging 

Configured nxlog.conf per these instructions:  https://docs.ctpx.secureworks.com/integration/connectEndpoint/microsoft_iis_connect/#configuring-nxlog 

Logs are still not showing up, and I think I have this section in the nxlog.conf IIS config misconfigured with the IP of my Taegis CDR collector. I've got the IP of my host entered into the HOST line, and the port entered into the PORT line. Am I supposed to comment out any of the ‘Module’ lines? Do I have it misconfigured below? Any help is appreciated, thank you in advance.

 

<Output W3SVCOUT>
   Module      om_udp
   Module      om_tcp
### Guidance on TLS/SSL configuration - https://nxlog.co/documentation/nxlog-user-guide/om_ssl.html
   Module    om_ssl
   Host        x.x.x.x
   Port        601
   CAFile    %CERTDIR%\CA.cer
   CertFile    %CERTDIR%\winhost.cer
   CertKeyFile    %CERTDIR%\winhost.key
   AllowUntrusted    FALSE

#2 konstantinos Nxlog ✓

Hi Brian,

Indeed only one module is allowed per configuration block, so in the W3SVCOUT Output you need to decide which of the modules you'll keep based on the protocol that your target (Taegis) is expecting on that port. You can comment out the others. 

There is a typo in the original link you've provided. The original Secureworks template can be found at: https://docs.ctpx.secureworks.com/integration/connectEndpoint/nxlog_WEL.txt 

For example, if you need TCP, the output block should look like so:

<Output W3SVCOUT>
##    Module      om_udp
   Module      om_tcp
### Guidance on TLS/SSL configuration - https://nxlog.co/documentation/nxlog-user-guide/om_ssl.html
##    Module    om_ssl
   Host        %XDR%
   Port        %PORT%
##    CAFile    %CERTDIR%\CA.cer
##    CertFile    %CERTDIR%\winhost.cer
##    CertKeyFile    %CERTDIR%\winhost.key
##    AllowUntrusted    FALSE

### Create our RFC3164 compliant syslog line and transmit on local5.info
    Exec        $SyslogFacilityValue = 21;$Hostname=hostname_fqdn();$Severity = 'INFO';to_syslog_bsd();

</Output>

I hope this helps. 

If you'd be interested to try the NXLog Enterprise Edition, please note that during the 30-day full-featured trial we can assist you on a presales level. If you later decide to purchase, there are several support tier options you can choose from.

Kind regards,
 

Konstantinos
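
Added example, not part of the thread and not NXLog or Secureworks code: a small Python linter for the point made in the answer above, that each configuration block takes exactly one active Module line. The name `lint_nxlog` and the sample text are constructed for illustration; the unencrypted-transport finding is informational, since the right module depends on what the collector expects on that port.

```python
import re

# Directives that belong to om_ssl; om_udp and om_tcp send logs unencrypted.
TLS_DIRECTIVES = {"cafile", "certfile", "certkeyfile", "allowuntrusted"}
CLEARTEXT_MODULES = {"om_udp", "om_tcp"}
BLOCK_OPEN = re.compile(r"^<(Input|Output|Processor|Extension)\s+(\S+)>$", re.I)
BLOCK_CLOSE = re.compile(r"^</(Input|Output|Processor|Extension)>$", re.I)

# Constructed sample modelled on the block in post #1 (abridged, closing tag added).
SAMPLE = r"""
<Output W3SVCOUT>
   Module      om_udp
   Module      om_tcp
   Module      om_ssl
   CAFile      %CERTDIR%\CA.cer
</Output>
"""

def lint_nxlog(conf_text):
    """Return (block_name, finding) tuples for an nxlog.conf string."""
    findings, name, modules, tls = [], None, [], []
    def report():
        if len(modules) != 1:
            findings.append((name, f"expected 1 active Module, found {len(modules)}"))
        elif modules[0] in CLEARTEXT_MODULES:
            findings.append((name, f"{modules[0]} sends logs unencrypted"))
        if tls and "om_ssl" not in modules:
            findings.append((name, "TLS directives active without om_ssl: " + ", ".join(tls)))
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out line
        opened = BLOCK_OPEN.match(line)
        if opened:
            name, modules, tls = opened.group(2), [], []
        elif BLOCK_CLOSE.match(line) and name is not None:
            report()
            name = None
        elif name is not None:
            key, value = (line.split(None, 1) + [""])[:2]
            if key.lower() == "module":
                modules.append(value.strip())
            elif key.lower() in TLS_DIRECTIVES:
                tls.append(key)
    if name is not None:  # block never closed: still report on it
        report()
    return findings

if __name__ == "__main__":
    print(*lint_nxlog(SAMPLE), sep="\n")
```

Run it against the text of nxlog.conf before restarting the service; an empty result means every block has one active module and no TLS directives left active under a non-TLS module.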