Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

om_file to write in .evtx files
Hi, I want to store my logs in an .evtx file on Windows. I tried the following configuration:

<Output out2>
    Module    om_file
    File      '%ROOT%\tmp\test.evtx'
</Output>

This created an evtx file, but it was also opening with Notepad, WordPad, etc. For security purposes, I want to make it open with the MS Event Viewer API only. Is this possible using the nxlog om_file module? Is there any plugin for nxlog to store data in .evtx files?

snehal created
Replies: 1
Nxlog module
Hi, I am writing a rule that detects when multiple ICMP responses are being made from the same IP, in which there are different IPs. The problem I have is that it doesn't write to the output with raw_event and file_write. In file_write I put the "otro" file. Do you know what it can be? Antonio.

File nxlog.conf:

<Extension fileop>
    Module      xm_fileop
</Extension>

<Input in4>
    Module    im_file
    File      "/home/antonio/Descargas/sn"
    SavePos   TRUE
    Exec      if ($raw_event =~ /^\d\d:\d\d:\d\d.(.+)/) { \
                  $Message = $1;                       \
                  $raw_event = $Message;               \
              }
    Exec      if $Message =~ /IP (\S{1,}) > \S{1,}:/ $IP = $1;
</Input>

<Input internal>
    Module    im_internal
    Exec      $raw_event = $Message;
</Input>

<Output out4>
    Module    om_file
    File      "/home/antonio/Descargas/nx"
</Output>

<Processor evcorr>
    Module    pm_evcorr
    <Thresholded>
        Condition  $Message =~ /^ICMP echo reply/
        Threshold  3
        Interval   120
        Context    $IP
        Exec       $raw_event = "3 ECHO REPLY packets from host $IP";
        Exec       file_write("/home/antonio/Descargas/otro", "3 ECHO REPLY packets from host $IP");
    </Thresholded>
</Processor>

<Route 4>
    Path    in4, internal => evcorr => out4
</Route>

File sn:

17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
17:11:33.953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64

File nx:

inode changed for '/home/antonio/Descargas/sn': reopening possibly rotated file
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64
953173 IP mad01s25-in-f3.1e100.net > 192.168.20.153: ICMP echo reply, id 62478, seq 2, length 64

File otro:

(empty)

Thanks :))

antonio_cuestag created
NXLog CE: function for logs transfer
Hello, I am writing an input module for nxlog. I have written a function to read data, but I don't know how to transfer the data further. Which function should I call? nx_logdata_set_string?

Tuxizm created
Replies: 1