List: ossec-list
Subject: [ossec-list] Re: send my windows firewall log (OPEN-INBOUND TCP) to ossec
From: Roy Feintuch <roy () dome9 ! com>
Date: 2013-09-17 0:16:52
Message-ID: 18fdb38a-61ff-4c25-bac7-396aaa4f6802 () googlegroups ! com
Windows firewall varies between versions.
Logs are usually located at: %systemroot%\system32\LogFiles\Firewall\pfirewall.log
They are enabled per active profile (domain / public / private) and you
need to specify whether to log accepted connections and dropped packets.

Get the config app at:
Start->Windows Firewall with advanced security.

Once you verify this file was created / is updated, include it in your
ossec configuration (local files to follow)

-Roy
On Sunday, September 15, 2013 9:39:10 PM UTC-7, sayed mohammad hossein
jafari wrote:
>
> Hi
>
> I want to send my windows firewall log (OPEN-INBOUND TCP) to ossec.
> I have this predecoder in my ossec's Decoder.xml but I can't get it with
> ossec.
> Can you help me? How can I get this log?
> Should I write a rule? Which rule?
>
> Thanks
>
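
The steps in the reply above (check logging per profile, confirm the file is being written, then add it to the agent's local files), as an added example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later (the NetSecurity cmdlets), an elevated shell, and that OSSEC's plain-text `syslog` log format is the right choice for this file; the 24-hour freshness threshold is also an assumption.

```powershell
# Added example: audit Windows Firewall logging for each profile, then print
# an OSSEC <localfile> stanza for every log file that is actually being written.
# Run elevated: the Firewall log directory is not readable by standard users.

$maxAgeHours = 24   # assumption: a log untouched for a day counts as stale

$results = foreach ($fwProfile in Get-NetFirewallProfile) {
    # LogFileName is stored with %systemroot% unexpanded
    $path = [Environment]::ExpandEnvironmentVariables($fwProfile.LogFileName)
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Profile    = $fwProfile.Name
        Enabled    = "$($fwProfile.Enabled)"      # True / False / NotConfigured
        LogAllowed = "$($fwProfile.LogAllowed)"
        LogBlocked = "$($fwProfile.LogBlocked)"
        LogFile    = $path
        Exists     = [bool]$file
        Fresh      = [bool]($file -and
                      $file.LastWriteTime -gt (Get-Date).AddHours(-$maxAgeHours))
    }
}

$results | Format-Table -AutoSize

# An enabled profile that logs neither accepted nor dropped traffic
# gives OSSEC nothing to read, even if the file exists.
$results |
    Where-Object { $_.Enabled -eq 'True' -and
                   $_.LogAllowed -ne 'True' -and $_.LogBlocked -ne 'True' } |
    ForEach-Object {
        Write-Warning "$($_.Profile): logging is off for this profile."
    }

# Emit one stanza per distinct log file that exists and was written recently.
$results | Where-Object Fresh |
    Select-Object -ExpandProperty LogFile -Unique |
    ForEach-Object {
@"
<localfile>
  <location>$_</location>
  <log_format>syslog</log_format>
</localfile>
"@
    }
```

The printed stanza goes inside the `<ossec_config>` element of the agent's ossec.conf, and the agent has to be restarted before it starts following the file.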