Hi everyone! You many help me, thanks a lot. I hope you kind to help me now. My NXLog clients don't collect Windows System logs. And now I often see in my logs this message: ``` 2019-06-04 17:49:50 INFO nxlog-4.3.4308 started 2019-06-04 17:49:50 ERROR failed to subscribe to msvistalog events using bookmark: The interface is unknown. 2019-06-04 17:49:50 ERROR failed to subscribe to msvistalog events using bookmark: The interface is unknown. * * 2019-06-04 17:49:50 ERROR failed to subscribe to msvistalog events [error code: 1717]; The interface is unknown. ``` My config: ``` define ROOT C:\nxlog define NXLOGLOGFILE %ROOT%\data\nxlog.log define CERTDIR %ROOT%\cert PersistLogqueue TRUE SyncLogqueue TRUE CacheFlushInterval 0 CacheSync TRUE Module im_msvistalog ReadFromLast TRUE * Exec $FileName = 'winapp.log'; Exec $EventTime = $EventReceivedTime; Module im_msvistalog ReadFromLast TRUE * Exec $FileName = 'winsys.log'; Exec $EventTime = $EventReceivedTime; BufferSize 9500000 Module om_batchcompress Host 192.168.100.100 Port 1514 UseSSL true AllowUntrusted TRUE CAFile %CERTDIR%\cacert.pem CertFile %CERTDIR%\clientcert.pem CertKeyFile %CERTDIR%\clientkey.pem Path winapp, winsys => out ``` After restart service nothing new. Any ideas, please!

The interface is unknown error messages are normally because the underlying Event Log service is not running or has errors (not stable).
Suggested steps would be to restart the Windows Event Log service and then restart nxlog. I believe on some Windows versions, the service is just called Event Log.