firewall.windows
- Juan Tomás Alonso Nieto (Deactivated)
- Former user (Deleted)
Introduction
The tags beginning with firewall.windows identify events generated by firewalls belonging to Windows.
Valid tags and data tablesÂ
The full tag must have 3 levels. The first two are fixed as app.lastpass. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
|---|---|---|
Windows Firewall |
|
|
For more information, read more About Devo tags.
How is the data sent to Devo?
To send Windows firewall log events to Devo, make sure that the Windows firewall is logging events to a file on the local machine. Note the location and names of the log files.
Table structure
These are the fields displayed in this table:
firewall.windows.stdout
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
| Â | Â |
host |
| vhost | Â |
serverdate |
| Â | Â |
action |
| Â | Â |
protocol |
| Â | Â |
srcIp |
| Â | Â |
dstIp |
| Â | Â |
srcPort |
| Â | Â |
dstPort |
| Â | Â |
size |
| Â | Â |
tcpflags |
| Â | Â |
tcpsyn |
| Â | Â |
tcpack |
| Â | Â |
tcpwin |
| Â | Â |
icmpType |
| Â | Â |
icmpCode |
| Â | Â |
info |
| Â | Â |
path |
| Â | Â |
hostchain |
|  | ✓ |
tag |
|  | ✓ |
Â
Related articles
Â