Hello, we’re looking at using multiple instances of nxlog.exe on the same Windows machine. What is the supported method for this please?
If I create a new process we receive the ERROR Service is already running log entry.
Thanks
squidie created
I am a bit confused by the documentation on nxlogce. Below is my sample config. It collects some of the logs just fine but does not collect the logs that I want. Security comes through just fine, application not so much, and system is spotty. I would like to explicitly define Microsoft-Windows-TerminalServices-LocalSessionManager/Operational. If that is not possible I would like to get the forwarded logs from a logcollector and index them. I have tried the documented query statements:
Query <QueryList>\
<Query Id="0">\
# <Select Path="Security">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Application">*</Select>\
<Select Path="Setup">*</Select>\
<Select Path='Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'>*</Select>\
</Query>\
</QueryList>
and this does not seem to work. If I just leave the statement as below I do get some messages back but not all. Do I need to buffer my messages to get everything flowing through?
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension gelf>
    Module xm_gelf
</Extension>
<Input Eventlog>
    # Use 'im_mseventlog' for Windows XP and 2003
    Module im_msvistalog
</Input>
<Output outevt>
    Module om_tcp
    Host myhost.mycomany.local
    Port 1338
    OutputType GELF
</Output>
<Route Eventlog>
    Path Eventlog => outevt
</Route>
JohnBrenner created
Well...
NXlog (last version from this site) installed on Windows Server 2012R2
Configured to get win-logs:
SavePos TRUE
Module im_msvistalog
Query <QueryList> \
<Query Id="0" Path="Security"> \
<Select Path="Application">*</Select> \
<Select Path="Security">*</Select> \
<Select Path="System">*</Select> \
<Suppress Path="Security">*[System[(EventID=5156 or EventID=4663 or EventID=5158 or EventID=5440 or EventID=5444)]]</Suppress> \
<Suppress Path="System">*[System[(EventID=5156 or EventID=4663 or EventID=5158 or EventID=5440 or EventID=5444)]]</Suppress> \
</Query> \
</QueryList>
As a result I see events only from System and Application... Nothing from Security
Any idea why it can happen?
Logs are captured by Windows - I can see it with eventvwr.msc, but nothing with NXlog
NXlog has no information, looks like everything is ok:
...INFO nxlog-ce-2.8.1248 started... - no errors, no warnings... nothing else
Barns2 created