issue forwarding

BryanMahin

Hi everyone,

I’ve configured a Windows EventLog collection server and set up a handful of custom event log channels per the following article.
https://blogs.technet.microsoft.com/russellt/2016/05/18/creating-custom-windows-event-forwarding-logs/

My custom event log channels are receiving the correct logs, and everything is working as expected as far as event collection goes.
http://i133.photobucket.com/albums/q54/1point3liter/misc/WEC_zpsscp5bw2s.png

I'm now trying to configure nxlog to pick up the event logs from my custom channels and forward them to a syslog server, but it doesn’t seem to be working.
nxlog does forward if I query the built-in "Security" channel, but not from my custom channels (or even "Forwarded Events").

Any ideas?
Bryan


Here is a copy of my NXlog configuration file:

define ROOT C:\Program Files (x86)\nxlog
define ROOT_STRING C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
  Module xm_syslog
</Extension>

<Extension json>
  Module xm_json
</Extension>

# nxlog's own messages (including warnings about channels it cannot open).
# The route below references this module, so it has to be declared.
<Input internal>
  Module im_internal
</Input>

# Earlier attempt, kept for reference: same module, a different channel,
# and the event converted to JSON in $Message.
#<Input eventlog>
#  Module im_msvistalog
#  SavePos TRUE
#  #Query <QueryList><Query Id="0"><Select Path="_ApplicationServers">*</Select></Query></QueryList>
#  #Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
#  Exec $Message = to_json();
#</Input>

# Read the custom WEF channel. The Path must match the channel name exactly
# as Windows lists it (Event Viewer or `wevtutil el`).
<Input eventlog>
  Module  im_msvistalog
  Query   <QueryList>\
          <Query Id="0">\
          <Select Path="WEC/AllServers">*</Select>\
          </Query>\
          </QueryList>
</Input>

# Forward over plain TCP to the syslog server. to_syslog_bsd() (from the
# xm_syslog extension loaded above) wraps each event in a BSD syslog header
# so the receiver parses it as syslog rather than as a raw line.
<Output out>
  Module om_tcp
  Host x.x.x.x
  Port 514
  Exec to_syslog_bsd();
</Output>

<Route 1>
  Path internal, eventlog => out
</Route>
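When im_msvistalog returns events from "Security" but nothing from a custom channel, the first thing to rule out is the channel itself: is the name in the Query the name Windows actually registered, does the Windows Event Log API return anything for that exact QueryList, and is the channel's ACL readable by the account nxlog runs as. The following PowerShell script, run on the collector, checks those three things. It is an added diagnostic written for this page, not code from the original post or from nxlog; the channel name WEC/AllServers is taken from the posted config, and everything else is a plain Windows cmdlet or wevtutil call.

```powershell
# Added diagnostic (not from the original post or from nxlog).
# Assumption: $Channel is the Path used in the nxlog Query; change it to match your config.
$Channel = 'WEC/AllServers'

# 1. Does a channel with exactly this name exist? Manifest-defined custom
#    channels are listed under their full name; a near-miss in the name is
#    the most common reason a query returns nothing.
$log = Get-WinEvent -ListLog $Channel -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "No channel named '$Channel'. Channels with a similar name:"
    Get-WinEvent -ListLog '*WEC*' -ErrorAction SilentlyContinue |
        Select-Object LogName, IsEnabled, RecordCount |
        Format-Table -AutoSize
    return
}
$log | Select-Object LogName, LogType, IsEnabled, RecordCount, LogFilePath | Format-List

# 2. Run the same QueryList nxlog is configured with through the Windows
#    Event Log API. If Windows returns nothing here, nxlog cannot either.
$query = @"
<QueryList>
  <Query Id="0">
    <Select Path="$Channel">*</Select>
  </Query>
</QueryList>
"@
$events = Get-WinEvent -FilterXml $query -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, ProviderName, MachineName | Format-Table -AutoSize
} else {
    Write-Warning "The QueryList returned no events from '$Channel'."
}

# 3. Show the channel's access descriptor (SDDL) and file path. The account
#    the nxlog service runs as needs the read right (0x1) in channelAccess.
wevtutil gl $Channel | Select-String 'channelAccess|enabled|logFileName'
```

If step 2 returns events but nxlog still forwards nothing, the next place to look is nxlog's own log file (the LogFile directive in the config above, %ROOT%\data\nxlog.log), where im_msvistalog reports channels it failed to subscribe to.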