Eventlog Source Limitation on Server 2016
Tags:
im_msvistalog
#1
markus.wolfram
Hi,
when configuring nxlog-CE on a Server 2016, there are limitations for collecting all eventlog sources. After starting the nxlog service, I see the following information in the nxlog-logfile:
2017-12-12 18:18:38 INFO nxlog-ce-2.9.1716 started
2017-12-12 18:18:50 WARNING Due to a limitation in the Windows EventLog subsystem, a query cannot contain more than 256 sources.
Here is my nxlog configuration:
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Extension and Route names are assumed; the Input/Output names follow from the Route path.
<Extension gelf>
    Module xm_gelf
</Extension>

<Input in>
    Module im_msvistalog
    # Drop low-value severities and one noisy KnownFolders event before forwarding.
    Exec if ($EventType == 'VERBOSE') OR ($EventType == 'INFO') OR ($EventType == 'AUDIT_SUCCESS') drop();
    Exec if ($SourceName == 'Microsoft-Windows-KnownFolders' AND $EventID == 1002) drop();
</Input>

<Output out>
    Module om_udp
    OutputType GELF
    Host our.graylog.server
    Port 1515
</Output>

<Route 1>
    Path in => out
</Route>
We use the same configuration on our Windows Server 2012 / 2012 R2 systems without any issues.
Will there be a fix in a new edition? We don't want to filter the eventlog sources in the configuration.
Kind regards,
Markus
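As an added example (not from the original post or from NXLog), the check a Windows administrator would run before deploying this config: count the enabled event log channels on the host, then emit an im_msvistalog input limited to an explicit channel list so the query stays under the 256-source limit. It assumes the QueryXML directive of im_msvistalog; the channel list is a constructed starting point.

```powershell
# Added example: check whether this host exceeds the 256-source query limit
# and generate an explicit-channel im_msvistalog input as a workaround.
$limit = 256
$enabled = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled } |
    Select-Object -ExpandProperty LogName

"Enabled channels on $env:COMPUTERNAME: $($enabled.Count) (limit per query: $limit)"
if ($enabled.Count -gt $limit) {
    "More than $limit enabled channels: an unfiltered im_msvistalog query will not cover all of them."
}

# Constructed list of channels a defender usually wants first; extend to taste.
$wanted = @(
    'Security',
    'System',
    'Application',
    'Microsoft-Windows-PowerShell/Operational',
    'Microsoft-Windows-TaskScheduler/Operational',
    'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational',
    'Microsoft-Windows-Windows Defender/Operational',
    'Microsoft-Windows-Sysmon/Operational'   # only present if Sysmon is installed
)

# Keep only channels that exist and are enabled here, capped at the limit.
$selected = $wanted | Where-Object { $enabled -contains $_ } | Select-Object -First $limit
$missing  = $wanted | Where-Object { $enabled -notcontains $_ }
if ($missing) { "Not present or not enabled on this host: $($missing -join ', ')" }

# One <Select> per channel inside a QueryXML block (assumed im_msvistalog directive).
$selects = ($selected | ForEach-Object { "            <Select Path=`"$_`">*</Select>" }) -join "`n"
$block = @"
<Input in>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
$selects
            </Query>
        </QueryList>
    </QueryXML>
</Input>
"@
$block
```

Paste the emitted block in place of the unfiltered `<Input in>`; the rest of the configuration (output and route) is unchanged.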
This is already solved in the NXLog Enterprise Edition as far as I know. It will be also fixed in the CE at some point but there is no ETA.