Issue when collecting Windows Security logs - errorcode: 87
iksef created
Hello community, I have to collect Security logs from a Windows Server 2003. Sometimes I have the following errors:
2017-11-22 09:03:52 INFO nxlog-ce-2.9.1504 started
2017-11-22 09:03:52 INFO connecting to siem.nutrition.lan:1514
2017-11-22 09:03:52 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 1 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:03:54 INFO Successfully reopened Security EventLog
2017-11-22 09:03:54 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 2 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:03:57 INFO Successfully reopened Security EventLog
2017-11-22 09:03:57 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 4 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:04:02 INFO Successfully reopened Security EventLog
2017-11-22 09:04:02 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 8 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:04:11 INFO Successfully reopened Security EventLog
2017-11-22 09:04:11 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 16 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
Here is my config file:
define ROOT C:\Program Files\nxlog
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

############################
# EXTENSION
############################

# Enable json extension
<Extension json>
    Module xm_json
</Extension>

# Enable syslog extension
<Extension syslog>
    Module xm_syslog
</Extension>

# Enable conversion module
<Extension charconv>
    Module xm_charconv
    AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
</Extension>

############################
# INPUT
############################

# Nxlog internal logs
<Input internal>
    Module im_internal
    Exec to_json();
</Input>

# Windows Event Log for 2003 server
<Input eventlog2003>
    # Module for Windows 2003 server
    Module im_mseventlog
    Sources Security
    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000;
    Exec convert_fields("AUTO", "utf-8");
    Exec $Message = to_json(); to_syslog_bsd();
</Input>

############################
# OUTPUT
############################

<Output siem>
    Module om_tcp
    Host collector.company.com
    Port 1514
</Output>

<Route 1>
    Path eventlog2003, internal => siem
</Route>
I can solve the issue by restarting the nxlog agent, but this is not a definitive solution... Does anybody have the same issue?
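As an added example (not part of the original post or of NXLog itself), a small Python checker for the nxlog.log pattern shown above: it parses the im_mseventlog reopen warnings, treats the doubling retry delay as one reopen loop, and reports the window in which Security events may have gone uncollected, which is the condition worth alerting on since the config routes im_internal to the SIEM. The sample log lines are constructed from the excerpt in the post; the three-retry threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the nxlog.log excerpt in the post.
SAMPLE_LOG = """\
2017-11-22 09:03:52 INFO nxlog-ce-2.9.1504 started
2017-11-22 09:03:52 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 1 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:03:54 INFO Successfully reopened Security EventLog
2017-11-22 09:03:54 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 2 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:03:57 INFO Successfully reopened Security EventLog
2017-11-22 09:03:57 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 4 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:04:02 INFO Successfully reopened Security EventLog
2017-11-22 09:04:02 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 8 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
2017-11-22 09:04:11 INFO Successfully reopened Security EventLog
2017-11-22 09:04:11 WARNING got ERROR_INVALID_PARAMETER (errorcode: 87) for the Security log, will try to reopen in 16 sec. ReadFromLast is TRUE and will try to restart from the last position. This might result in uncollected logs.
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"
WARN_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) WARNING got (\w+) "
                     r"\(errorcode: (\d+)\) for the (\w+) log, will try to reopen in (\d+) sec")

def parse_reopen_warnings(text):
    """Return one dict per reopen warning; every other nxlog.log line is ignored."""
    found = []
    for line in text.splitlines():
        m = WARN_RE.match(line)
        if m:
            ts, err, code, log, delay = m.groups()
            found.append({"ts": datetime.strptime(ts, TS_FMT), "error": err,
                          "code": int(code), "log": log, "delay": int(delay)})
    return found

def find_reopen_loops(warnings, min_count=3):
    """Group warnings into backoff runs (the delay doubles on each failed reopen, so a
    delay that does not grow starts a new run) and report runs of at least min_count
    retries; window_sec runs from the first warning to the end of the last retry delay."""
    runs = []
    for w in warnings:
        if runs and w["log"] == runs[-1][-1]["log"] and w["delay"] > runs[-1][-1]["delay"]:
            runs[-1].append(w)
        else:
            runs.append([w])
    return [{"log": r[0]["log"], "code": r[0]["code"], "retries": len(r),
             "first": r[0]["ts"], "last": r[-1]["ts"],
             "window_sec": int((r[-1]["ts"] - r[0]["ts"]).total_seconds()) + r[-1]["delay"]}
            for r in runs if len(r) >= min_count]

if __name__ == "__main__":
    print(find_reopen_loops(parse_reopen_warnings(SAMPLE_LOG)))
```

Point it at the real nxlog.log (or at the im_internal events arriving in the SIEM) and alert on any returned loop; a non-empty result is the signal that the agent is stuck reopening and a restart or further investigation is due.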