#Hello, tanks in advance . #I am sending multiple logs from windows server to a linux collector #I have no issues with windows system logs , #Seems i can not send via snare windows system logs, and test plain text logs. #Is there any way to do that? But when i switch to snare i can see no description about the warning 2022-10-21T09:21:21+00:00 Winserver MSWinEventLog#0111#011N/A#0111#011Fri Oct 21 09:21:21 2022#011N/A#011N/A#011N/A#011N/A#011N/A#011N/A#011N/A#011#011N/A#011N/A#015 The same line with snare commented: 2022-10-21T09:18:23.208210+00:00 Winserver WARNING: Can't open file \?\C:...\UPPS\UPPS.BIN: Permission denied#015 #My config: Panic Soft #NoFreeOnExit TRUE define ROOT C:\App\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension _syslog> Module xm_syslog </Extension> <Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32 </Extension> <Extension _exec> Module xm_exec </Extension> <Input internal> Module im_internal Exec $Hostname = hostname_fqdn(); </Input> <Input vistalog> Module im_msvistalog </Input> <Input eventlog> Module im_mseventlog </Input> <Input testFile> Module im_file SavePos True RenameCheck True Recursive True PollInterval 0.5 #near real time File "C:\test\myfile.txt" ReadFromLast True </Input> <Output out> Module om_tcp Host linux Port 514 #Exec to_syslog_snare(); </Output> <Route r> Path internal, eventlog, vistalog, testFile => out Path testFile => out </Route>