how to Perform Windows NXLog.conf
Hello,
I do admit I am totally lost about NXLog.conf for Windows 2K12 R2 machines.
The purpose is to filter some EventIDs from the Security Event Log; for that I tried the nxlog.conf below:
<Extension _syslog>
    Module xm_syslog
</Extension>
<Input>
    Module im_msvistalog
    # For windows 2003 and earlier use the following:
    # Module im_mseventlog
    Exec if ($EventID == 4634 or $EventID == 4624 or $EventID == 4672 or $EventID == 4801 or $EventID == 64 or $EventID == 7036 or $EventID == 7040) drop();\
         else\
         {\
             parse_syslog_ietf();\
             $Message = $FileName + ": " + $Message;\
             $SyslogFacility = syslog_facility_string(22);\
             $SyslogFacilityValue = syslog_facility_value("local6");\
             if ( $EventType == "INFO" ) $SyslogSeverityValue = 6;\
             if ( $EventType == "WARNING" ) $SyslogSeverityValue = 4;\
             if ( $EventType == "ERROR" ) $SyslogSeverityValue = 3;\
         }
</Input>
<Output out>
    Module om_udp
    Host 10.1.1.39
    Port 1514
    Exec to_syslog_snare();
</Output>
<Route 1>
    Path internal, eventlog => out
</Route>
Unfortunately, despite the host and port being set correctly, it doesn't work, and I also get these messages in nxlog.log:
xxxxxx WARNING no routes defined!
xxxxxx WARNING not starting unused module out
I would really appreciate any help.
You need to give your input a name:
<Input eventlog>
instead of
<Input>
This should appear as an error in nxlog.log; you should always look at the first error, not the last.
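For reference, here is a complete nxlog.conf that applies the fix above (the input is named eventlog, so the route resolves) and also defines the internal module the posted route refers to. This is an added example, not the poster's file or one shipped by NXLog; the ROOT path is an assumed default install location, the host and port are the ones from the question, and the AUDIT_FAILURE/AUDIT_SUCCESS branches are added on the assumption that Security log records carry those event types rather than INFO/WARNING/ERROR.

```conf
# Added example of a working nxlog.conf, not the poster's original file.
# Assumed default install path for 64-bit Windows 2012 R2; adjust to taste.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_syslog
</Extension>

# nxlog's own messages; the posted route named "internal" but never defined it
<Input internal>
    Module im_internal
</Input>

# The input MUST carry a name, because the Route refers to it as "eventlog"
<Input eventlog>
    Module im_msvistalog
    <Exec>
        # Drop the noisy logon/logoff/privilege events listed in the question
        if ($EventID == 4634 or $EventID == 4624 or $EventID == 4672 or
            $EventID == 4801 or $EventID == 64 or $EventID == 7036 or
            $EventID == 7040) drop();
        # parse_syslog_ietf() is left out: event log records are not syslog input
        $Message = $FileName + ": " + $Message;
        # local6 is facility 22; set the numeric value and derive the name from it
        $SyslogFacilityValue = syslog_facility_value("local6");
        $SyslogFacility      = syslog_facility_string($SyslogFacilityValue);
        # Assumption: Security log records carry AUDIT_* types, not INFO/WARNING/ERROR
        if ($EventType == "AUDIT_FAILURE") $SyslogSeverityValue = 4;
        if ($EventType == "AUDIT_SUCCESS") $SyslogSeverityValue = 6;
        if ($EventType == "ERROR")         $SyslogSeverityValue = 3;
        if ($EventType == "WARNING")       $SyslogSeverityValue = 4;
        if ($EventType == "INFO")          $SyslogSeverityValue = 6;
    </Exec>
</Input>

<Output out>
    Module om_udp
    Host   10.1.1.39
    Port   1514
    Exec   to_syslog_snare();
</Output>

<Route 1>
    Path internal, eventlog => out
</Route>
```

After restarting the service, the "no routes defined" and "not starting unused module out" warnings should be gone from nxlog.log; if the collector still sees nothing, check the first error in that log and the UDP path to 10.1.1.39:1514.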