2016-05-20 09:41:31 ERROR om_tcp detected a connection error; An existing connection was forcibly closed by the remote host.

#1 dmm3369

Has anyone seen this with NXlog when you are able to telnet to the host? When I set this up in a test lab it works fine. I assume a firewall, but I can telnet fine to the host IP and port.


2016-05-20 09:41:31 ERROR om_tcp detected a connection error; An existing connection was forcibly closed by the remote host.
2016-05-20 09:41:32 INFO connecting to seclog.lowes.com:514


Very basic config.


#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog


Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input in>
#Module      im_msvistalog
# For windows 2003 and earlier use the following:
Module      im_mseventlog
Exec if $EventID NOT IN (528, 529, 567, 592, 601, 602, 608, 612, 636, 7034, 7035, 7036, 7040, 4097, 64004, 2, 3005) drop();
</Input>

<Output out>
    Module      om_tcp
    Host        192.168.x.x
    Port        514
    Exec        to_syslog_snare();
</Output>

<Route 1>
    Path        in => out
</Route>

 

#2 adm Nxlog ✓

You are getting a TCP RST from the server. You should check those logs too.
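
One way to check for the reset outside NXLog, as an added example that is not part of the thread: a probe that completes the TCP handshake (all a telnet test shows), sends one syslog line, and reports whether the peer answers with a reset. The function names, the sample message and the local stand-in server are assumptions made for the example; point `probe()` at your own collector host and port.

```python
import socket
import struct
import threading

# Constructed sample line, not output captured from NXLog.
SAMPLE = b"<13>May 20 09:41:31 testhost probe: connectivity test\n"

def probe(host, port, payload=SAMPLE, timeout=5.0):
    """Connect, send one line, and classify how the peer treats the connection."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # RST in reply to the SYN: nothing is listening
    except OSError:
        return "unreachable"    # timeout, no route, name resolution failure
    with sock:
        try:
            sock.sendall(payload)
            data = sock.recv(1)
        except socket.timeout:
            return "open"       # connection still up, peer silent: normal for a receiver
        except (ConnectionResetError, ConnectionAbortedError, BrokenPipeError):
            return "reset"      # handshake succeeded, then the peer sent RST
        return "closed" if data == b"" else "open"   # b"" means an orderly FIN

def start_server(reset):
    """Local stand-in for the collector (constructed); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(1024)
        if reset:
            # SO_LINGER on with a zero timeout makes close() send RST instead of FIN
            # (POSIX struct layout; Windows packs linger as two shorts).
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print("resetting peer:", probe("127.0.0.1", start_server(reset=True)))
    print("closing peer:  ", probe("127.0.0.1", start_server(reset=False)))
```

A `reset` result corresponds to the om_tcp error in the log above: the port accepts the connection, and something on the server side then tears it down, which is why the server's own logs are the next place to look.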