The `windows-eventlog-xml-parser()` parser parses messages in the Windows XML Event Log (EVTX) format.

Available in syslog-ng OSE 4.5 and later versions.

Example: Windows XML Event Log parser configuration

```
parser p_win {
    windows-eventlog-xml-parser(prefix(".winlog."));
};
```

The `windows-eventlog-xml-parser()` parser has the same parameters as the XML parser.

Take care to include the parsers in a log statement to use them:

```
log {
    source(s_local);
    parser(windows-eventlog-xml-parser(prefix(".winlog.")));
    destination(d_local);
};
```
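An added example, not taken from the syslog-ng documentation: a complete log path that parses forwarded events, keeps only failed logons (Windows Security event ID 4625) and writes the parsed fields as JSON. The source definition, port, output path and the `.winlog.Event.System.EventID` key name (the element path under the prefix, as the XML parser names its pairs) are assumptions.

```conf
@version: 4.5

# Assumed input: a forwarder delivers one event XML document per line over TCP.
# flags(no-parse) leaves the raw XML in ${MESSAGE} for the parser.
source s_winlog {
    network(transport("tcp") port(5514) flags(no-parse));
};

parser p_win {
    windows-eventlog-xml-parser(prefix(".winlog."));
};

# Assumed key name: element path under the prefix, as the XML parser builds it.
# 4625 is the Windows Security event ID for a failed logon.
filter f_failed_logon {
    "${.winlog.Event.System.EventID}" eq "4625";
};

# Write every parsed .winlog.* name-value pair as one JSON object per line.
destination d_failed_logons {
    file("/var/log/winlog-failed-logons.json"
         template("$(format-json --key .winlog.*)\n"));
};

log {
    source(s_winlog);
    parser(p_win);
    filter(f_failed_logon);
    destination(d_failed_logons);
};
```

Inspect the JSON output for a few real events first to confirm the key names your events produce before relying on the filter.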
