There is no detailed description of the use of the xm_filelist module in the manual. I made a configuration based on the guide https://nxlog.co/question/4095/drop-win-event-message-based-text-file-content, but it does not work. Help me, why the configuration does not work? <Extension Testlist> Module xm_filelist File "c:\logs\List\Testlist.txt" CheckInterval 600 </Extension> <Input in_ForwardedEvents> Module im_msvistalog ReadFromLast False SavePos True ResolveSID False PollInterval 5 <QueryXML> <QueryList> <Query Id="0" Path="Security"> <Select Path="Security">*[System[(EventID=4624)]]</Select> </Query> </QueryList> </QueryXML> </Input> <Processor proc_list> Module pm_transformer <Exec> if Testlist->contains($TargetUserName,$true) $rule = "rule1"; </Exec> </Processor> <Output out_file_raw> exec to_json(); Module om_file CreateDir TRUE File 'c:\logs\test.log' </Output> <Route rout_file> Path in_ForwardedEvents=> proc_list => out_file_raw </Route> Give an example configuration using the xm_filelist module.