# Below is my NXLOG configuration file to parse define ROOT C:\Program Files (x86)\nxlog Module xm_gelf Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log Module xm_multiline HeaderLine /^/ EndLine /^/ Module xm_xml Module xm_json Module im_file File "C:\\test\\server\\Azurion\\SoftwarePackage\\test.xml" InputType multiline # Discard everything that doesn't seem to be an xml event if $raw_event !~ /^/ drop(); # Parse the xml event parse_xml(); #Rewrite some fields $EventTime = parsedate($timestamp); delete($timestamp); delete($EventReceivedTime); # Convert to JSON to_json(); Module om_file File "C:\\Users\\320005935\\Desktop\\new.txt" Path filein => fileout # This is my XML file 2012-11-23 23:00:00 ERROR Something bad happened. Please check the system. 2012-11-23 23:00:12 INFO System state is now back to normal.

This all actually looks good. I ran your config just to verify and I received the following:

{"SourceModuleName":"filein","SourceModuleType":"im_file","severity":"ERROR","message":"\n    Something bad happened.\n    Please check the system.\n  ","EventTime":"2012-11-23T23:00:00.000000-05:00"}
{"SourceModuleName":"filein","SourceModuleType":"im_file","severity":"INFO","message":"\n   System state is now back to normal.\n  ","EventTime":"2012-11-23T23:00:12.000000-05:00"}

Are you updating this file or is it a static file? If it is a static file, NXLog will not read portions that exist before the service is started by default. I added the following to the config to read the file from the start:

    SavePos         False
    ReadFromLast    False

You may want to do something about the newline characters though.