How to configure Kiwi Syslog Event Forwarder installed in Windows Server to send syslog in XML format?

sending Windows events (Security, System) logs over syslog. 

Need to be in XML form.

This is how the MS Event log look like  when forwarded by Kiwi Syslog Event Forwarder:

Oct 5 10:33:14 <hostname> MSWinEventLog  7  System 2382912 Tue Oct 05 10:33:12 2021 7392 ServiceControl

Manager   N/A Information <hostname> 0 The Microsoft Account Sign-in Assistant service entered the running state

Oct 5 10:33:18  <hostname> MSWinEventLog 5 Security2489291 Tue Oct 05 10:33:16 2021 4624 Microsoft-Windows-

Security-Auditing  N/A Audit Success  <hostname> 2283  An Account was successfully logged on.

Subject: 

        Security ID: S-x-x-x

       Account Name:   xxx

        Account Domain: xx

       Logon ID: 0xx

Logon Information:  

              Logon Type: 5

              Restrcted Admin Mode:

              Virtual Account : No

               Elevated Token:  Yes

Impersonation Level: Impersonation

New Logon:

You get the idea, the info that is sent is very disorganized, can it send using the original XML format?

You will need to use NXlog or something similar.  SWLF doesn't have the capability for format changes.

Why do you want to forward as .xml? There is a way If you want to save your logs as .xml in the manager. 

In the log to file action change .txt to .xml and change the log file format to XML tagged format

reason is I will need to forward the Windows events to Kiwi syslog server first, then these logs will then be forwarded to Splunk for parsing.

Splunk can't parse non xml windows event

would like to check any of you have integrated Windows event log with Kiwi Syslog then to Splunk before?