Hello, I have recently been trying up a syslog-ng server for various devices and have tried a couple of things for sending Windows Events to the server.

Finally decieded that NXLog will do what I need and I have gotten sent some events over without much configuration, but when trying filter within the .conf file, it always fails. I can't really find much good information as to why it might be failing, as it seems that it should be correct.(to me anyway)

# Windows Event Log, 
<Input s_eventlog>
    Module im_msvistalog
    Exec if $EventID == 4734 or $EventID == 4624 drop(); 
    Exec $Message = to_json();
</Input>

I have narrowed it down to this block, since the log says

nxlog failed to start: </Input> without matching <Input> section at C:\Program Files (x86)\nxlog\conf\nxlog.conf:43

Which is where this block ends?

I can't really make sense of this, so if anyone has some guidance please tell me.