When NXLog formats the the Event Log as `om_out` it formats the JSON correctly ``` define Format {if defined($EventTime) $timestamp = strftime($EventTime, '%Y-%m-%dT%H:%M:%SZ');else $timestamp = strftime($EventReceivedTime, '%Y-%m-%dT%H:%M:%SZ');rename_field("service_id", "_service_id");rename_field("timestamp", "_timestamp");rename_field("log_type", "_log_type");$body = $raw_event;$attributes = to_json();if defined($tag) $raw_event = "{" + '"timestamp"' + ':"' + $_timestamp + '",' + '"service_id"' + ':"' + $_service_id + '",' + '"tag"' + ':"' + $tag + '",' + '"log_type"' + ':"' + $_log_type + '",' + '"attributes"' + ':' + $attributes + '}';else $raw_event = "{" + '"timestamp"' + ':"' + $_timestamp + '",' + '"service_id"' + ':"' + $_service_id + '",' + '"log_type"' + ':"' + $_log_type + '",' + '"attributes"' + ':' + $attributes + '}';} ``` This is executed in the `` block which formats it into JSON format. When the `om_http` is called the same way as `om_out` an error is logged as an over sized string. At first the JSON looks normal but as the code goes on you get an excessively long string. Packet capture from Wireshark showing the end of the REST POST request. ``` POST / HTTP/1.1 User-Agent: nxlog-ce Content-Length: 621554 Beginning: {"timestamp":"2020-02-17T14:19:33Z","service_id":"id","tag":"security","log_type":"ea2_test","attributes":{"EventTime":"2020-02-17 14:19:33","Hostname":"hostname","Keywords":-9214364837600034816,"EventType":"AUDIT_SUCCESS","SeverityValue":2,"Severity":"INFO","EventID":4663,"SourceName":"Microsoft-Windows-Security-Auditing", End: Accesses:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\t\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\tWRITE_DAC\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\r\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\n\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\t\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\t\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\t\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\t\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\r\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\n\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\tAccess Mask:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\t\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\t0x40000\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"}\\\\\\\\\\\\\\\"}\\\\\\\"}\\\"}\"}"}} ``` Why is it not working when you use the `om_http` module but works with the `om_out` module. Suggestions? Thanks in advance! ***EDIT:*** It looks like NXLog-CE broke itself. I was able to fix this by deleting everything in the nxlog/data folder and then reinstalled the agent. Now, using the exact same config files it appears to be working.