Running NXLOG on Windows 2016 Error failed to subscribe to msvistalog events, the channel was not found [error code: 15007], the specific channel could not be found. check channel configuration NXLOG config file as requested. Sample of NXLOG configuration file This is a sample configuration file. See the nxlog reference manual about the configuration options. It should be installed locally and is also available online at http://nxlog.org/docs/ Please set the ROOT to the folder your nxlog was installed into, otherwise it will not start. #define ROOT C:\Program Files\nxlog define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension _syslog> Module xm_syslog </Extension> <Input in> Module im_msvistalog For windows 2003 and earlier use the following: Module im_mseventlog Query <QueryList> <Query Id="0"> <Select Path="Application"></Select> <Select Path="System"></Select> <Select Path="Security"></Select> <Select Path="ForwardedEvents"></Select> <Select Path="Setup"></Select> <Select Path="Microsoft-Windows-Sysmon/Operational"></Select> </Query> </QueryList> </Input> <Output out> Module om_tcp Host x.x.x.x Port 514 Exec to_syslog_snare(); </Output> <Route 1> Path in => out </Route>