Hi, I'm trying to use nxlog to to extract three metrics from a .set file. My OS is Windows 10. I edited the .conf file in "C:\Program Files (x86)\nxlog\conf" and it looks like this: Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension json> Module xm_json </Extension> <Extension sikora> Module xm_set Fields $Nominal, $PlusTol, $Oval # fields of interest (metrics) FieldTypes string, string, string # type of variable Delimiter ; EscapeControl FALSE </Extension> <Input sikora_logs> Module im_file File "C:\Users\50051145\Desktop\nx_log\\*.set" # imput file #ReadFromLast True #Recursive True #SavePos True ReadFromLast False Recursive False SavePos False &lt;Exec&gt; if $raw_event =~ /^Macrosezione : (.+)/ # creazione variabile { # create_var('macrosection'); # set_var('macrosection', $1); # drop(); # } sikora-&gt;parse_set(); delete($EventReceivedTime); delete($SourceModuleName); delete($SourceModuleType); if $raw_event =~ /^Operatore / { # variable definition for the if not defined get_var('start_time') # timestamp { # log_debug(&quot;parsed_time: &quot; + strptime($time, &quot;%d/%m/%Y %I:%M:%S&quot;)); # create_var('start_time'); # set_var('start_time', strptime($time, &quot;%d/%m/%Y %I:%M:%S&quot;)); drop(); } else { if get_var('start_time') != strptime($time,&quot;%d/%m/%Y %I:%M:%S&quot;) { log_debug(&quot;old_time: &quot; + get_var('start_time')); log_debug(&quot;new_time: &quot;, $time); set_var('start_time', strptime($time,&quot;%d/%m/%Y %I:%M:%S&quot;)); drop(); } } } $time = (integer(get_var('start_time')) / 1000000 + integer($time)) * 1000; # formula to convert timestamp in milliseconds $pressure = integer($pressure); $macrosection = get_var('macrosection'); $nominal = get_var('nominal'); $type = get_var('type'); to_json(); &lt;/Exec&gt; </Input> <Output out> Module om_file # CreateDir TRUE # File "C:\Users\50051145\Desktop\temp" + $fileName # output file </Output> <Route 1> Path sikora_logs => out </Route> When I run the program I expect an output file in a folder on my desktop "C:\Users\50051145\Desktop\temp" but I get nothing. I checked the logs and I get this: 2019-09-10 18:20:34 ERROR Failed to load module from C:\Program Files (x86)\nxlog\modules\extension\xm_set.dll, The specified module could not be found. ; The specified module could not be found. 2019-09-10 18:20:34 ERROR Failed to load module from C:\Program Files (x86)\nxlog\modules\output\om_file #.dll, The specified module could not be found. ; The specified module could not be found. 2019-09-10 18:20:34 ERROR Couldn't parse Exec block at C:\Program Files (x86)\nxlog\conf\nxlog.conf:38; couldn't parse statement at line 45, character 28 in C:\Program Files (x86)\nxlog\conf\nxlog.conf; module sikora not found 2019-09-10 18:20:34 ERROR module 'sikora_logs' has configuration errors, not adding to route '1' at C:\Program Files (x86)\nxlog\conf\nxlog.conf:93 2019-09-10 18:20:34 ERROR module 'out' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:93 2019-09-10 18:20:34 ERROR route 1 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:93 2019-09-10 18:20:34 WARNING no routes defined! 2019-09-10 18:20:34 WARNING not starting unused module sikora_logs 2019-09-10 18:20:34 INFO nxlog-ce-2.10.2150 started 2019-09-11 11:10:27 WARNING stopping nxlog service 2019-09-11 11:10:27 WARNING nxlog-ce received a termination request signal, exiting... It appers that xm_set.dll library is missing, "The specified module could not be found". I found out in "C:\Program Files (x86)\nxlog\modules\extension" that nxlog doesn't come with a .set library. How can I add this library ? Thank you

Hello everybody, I'm trying to filter Windows events log with severity/level only from warning to critical, so from level 1 to 3. Unfortunately, I tried several configurations, but the agent is still forwarding all the events. Like if there were no filters. My specifications are, Nxlog CE Agent (version 2.10.2102) on a Windows 10 64 bits build 1803 with this conf : Panic Soft define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension _syslog> Module xm_syslog </Extension> <Input eventlog> Module im_msvistalog <QueryXML> <QueryList> <Query Id='0'> <Select Path='Application'>*[System[(Level=1 or Level=2 or Level=3)]]</Select> <Select Path='Security'>*[System[(Level=1)]]</Select> <Select Path='Setup'>*[System[(Level=1 or Level=2 or Level=3)]]</Select> <Select Path='System'>*[System[(Level=1 or Level=2 or Level=3)]]</Select> </Query> </QueryList> </QueryXML> </Input> <Processor buffer> Module pm_buffer MaxSize 102400 Type disk </Processor> <Output out> Module om_tcp Host X.X.X.X Port 514 Exec to_syslog_snare(); </Output> <Route 1> Path eventlog => buffer => out </Route> Am I missing something? Did something change recently in the syntax? Thanks for your help. Best regards :)

We've had some clients where we install & deploy the MSI via group policy -- using the latest version 2.9.1347. On Windows 10 -- it looks like the install succeeds (all the nx log files exist in Program Files (x86), etc.) -- but the service never gets installed. We don't see the nx log service anywhere in services.msc -- and don't see any logs saying that its install failed. We've now seen this on multiple Windows 10 machines. Has anyone else -- and is there a workaround?