I am using a config of Output syslog1> Module om_tcp Host syslog.server.name Port 6514 Exec to_syslog_ietf(); OutputType Syslog_TLS </Output> and a source of <Input eventlog_application> Module im_msvistalog Query <QueryList> <Query Id="0"> <Select Path="Application">*</Select> </Query> </QueryList> <Exec> $Message = 'EventID[' + $EventID + '] Log[' + $Channel + '] Type[' + $EventType + '] Domain[' + $Domain + '] User[' + $AccountName + '] ' + $Message; $SyslogFacilityValue = 3; </Exec> </Input> but when the message arrives as the syslog server the ident field does NOT include the PID. I expaect something like SourceName[PID]: the text of the message but what I get is SourceName: the text of the message How can I get the PID of the SourceName?