We are testing nxlog for syslog forwarder for replacment of windows own provided forwarder EvtSys. We are getting logs at syslog server, but see many special characters and such such #015, #012, #011 in multiple places in log.

Below is configuration of .conf file

<Input in>
Module im_msvistalog
</Input>

<Output out>
Module om_udp
Host ...*
Port 514
</Output>

#################### ROUTE ###########
<Route r2>
Path in => out
</Route>


Can you please guide us how to resolve it. I am hereby providing Log snippet of both EvtSys generated log and nxlog generated log


Sample Log snippet generated by Windows syslog forwarder EvtSys
Apr 22 09:01:03 WindowsHostMachine Security-Auditing: 4624: AUDIT_SUCCESS An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WindowsHostMachine$ Account Domain: TEST Logon ID: 0x3E7 Logon Type: 10 Impersonation Level: Impersonation New Logon: Security ID: S-1-5-21-3128912327-2939948577-25280133-5861


Sample Log snippet generated by nxlog
Apr 20 12:41:55 2021-04-20 12: 41:29 WindowsHostMachine AUDIT_SUCCESS 4624 An account was successfully logged on.#015#012#015#012Subject:#015#012#011Security ID:#011#011S-1-0-0#015#012#011Account Name:#011#011-#015#012#011Account Domain:#011#011-#015#012#011Logon ID:#011#0110x0#015#012#015#012Logon Type:#011#011#0113#015#012#015#012Impersonation Level:#011#011Impersonation#015#012#015#012New Logon:#015#012#011Security ID:#011#011S-1-5-21-3128912327-2939948577-25280133-30353#015#012#011