Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

How to filter Windows Server event by level
Hi, I installed the NXLog Enterprise Edition v5 trial and am trying to filter out events before sending them to the SIEM. I can get some events and see them on the SIEM side. But when I create a fake event, I cannot see all.

What do I want? I want to forward Windows Server APP, SEC and SYS logs that have only WARNING, ERROR and CRITICAL levels, in CEF format.

Is that config part correct?

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _cef>
    Module xm_cef
</Extension>

<Input in_jornal>
    Module im_msvistalog
    # For windows 2003 and earlier use the following:
    # Module im_mseventlog
    # Channel Security
    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <Select Path='Application'> *[System/Level&lt;4] </Select>
                <Select Path='Security'> *[System/Level&lt;4] </Select>
                <Select Path='System'> *[System/Level&lt;4] </Select>
            </Query>
        </QueryList>
    </QueryXML>

tevfikceydeliler created
Replies: 2
How to output Syslog Dell Firewall Logs to a local file directory
I am looking to output syslog logs from a Dell Firewall into a local directory on my Windows box, and I am getting the error message below:

===
2020-12-11 07:01:21 WARNING not starting unused module syslogs
2020-12-11 07:01:21 INFO nxlog-ce-2.10.2150 started
2020-12-11 07:01:21 ERROR failed to open tmp/output; The system cannot find the path specified.
=====

I do not understand where I can reference the "tmp/output" within the "C:\Program Files (x86)\nxlog*" or how I can point the output file to another directory. This is a Windows box and I would like the files to be written to a folder path under the C directory. Can anyone help?

FN_379889 created
Replies: 2
Writing Windows Event Logs from Separate Servers to Multiple Files
Hello, I am trying to set up NXLog so that multiple Windows Servers will send their Event logs to a central server, and that server will output them into basic text files. The logs are delivered to the central server just fine, but instead of going to separate routes as I have configured, all logs appear to be delivered to the same route, which happens to be the first one listed. Any help would be greatly appreciated.

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

########## BEGIN EXTENSIONS ##########
<Extension syslog>
    Module  xm_syslog
</Extension>
########## END EXTENSIONS ##########

########## BEGIN INPUTS ##########
<Input in_xxx>
    Module      im_tcp
    Host 0.0.0.0
    Port 514
</Input>

<Input in_yyy>
    Module      im_tcp
    Host 0.0.0.0
    Port 514
</Input>

<Input in_zzz>
    Module      im_tcp
    Host 0.0.0.0
    Port 514
</Input>
########## END INPUTS ##########

########## BEGIN OUTPUTS ##########
<Output out_xxx>
    Module      om_file
    File "C:\\Logs\\xxx_NXLog.txt"
    CreateDir FALSE
    Truncate FALSE
    OutputType LineBased
</Output>

<Output out_yyy>
    Module      om_file
    File "C:\\Logs\\yyy_NXLog.txt"
    CreateDir FALSE
    Truncate FALSE
    OutputType LineBased
</Output>

<Output out_zzz>
    Module      om_file
    File "C:\\Logs\\zzz_NXLog.txt"
    CreateDir FALSE
    Truncate FALSE
    OutputType LineBased
</Output>
########## END OUTPUTS ##########

########## BEGIN ROUTES ##########
<Route 1>
    Path        in_xxx => out_xxx
</Route>

<Route 2>
    Path        in_yyy => out_yyy
</Route>

<Route 3>
    Path        in_zzz => out_zzz
</Route>
########## END ROUTES ##########

Thank you.

mc63 created
Replies: 1