
firewall.windows

Introduction

The tags beginning with firewall.windows identify events generated by the Windows Firewall (Windows Defender Firewall), read from the log file it writes on the local machine.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as firewall.windows. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service    Tags                       Data tables
Windows Firewall     firewall.windows.stdout    firewall.windows.stdout

For more information, read About Devo tags.

How is the data sent to Devo?

To send Windows Firewall log events to Devo, make sure that the Windows Firewall is logging events to a file on the local machine. Logging is configured per firewall profile (Domain, Private, Public) and is disabled by default, so enable logging of dropped and/or allowed connections for each profile you want to monitor. The default log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log, written in W3C extended log format with a #Fields header line that names the columns. Note the location and names of the log files, as they are needed to configure whatever ships the files to Devo.

Table structure

These are the fields displayed in this table:

firewall.windows.stdout

Field        Type        Source field name    Extra fields
eventdate    timestamp
host         str         vhost
serverdate   str
action       str
protocol     str
srcIp        ip4
dstIp        ip4
srcPort      str
dstPort      str
size         int8
tcpflags     str
tcpsyn       str
tcpack       str
tcpwin       str
icmpType     str
icmpCode     str
info         str
path         str
hostchain    str                              ✓
tag          str                              ✓
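The table above maps almost one-to-one onto the columns of the Windows Firewall log file. The following is an added example (not Devo's parser and not part of the original page) that reads pfirewall.log-style text, uses the #Fields header to map each column onto the field names of firewall.windows.stdout, and then runs a simple detection over the parsed events: sources whose dropped packets hit several distinct destination ports. The column-to-field mapping and the sample log lines are assumptions constructed for this example; the "-" placeholder for absent values and the #Fields header are standard for this log format.

```python
"""Parse Windows Firewall log (pfirewall.log, W3C extended format) lines into
the firewall.windows.stdout field names and run a small detection over them.

Added example, not Devo's own parser. The COLUMN_TO_FIELD mapping is an
assumption derived from the table on this page."""
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample of a pfirewall.log file (not captured from a real host).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-01 10:15:32 DROP TCP 192.168.1.50 192.168.1.10 51234 445 52 S 1234567890 0 64240 - - - RECEIVE
2024-03-01 10:15:32 DROP TCP 192.168.1.50 192.168.1.10 51235 3389 52 S 1234567891 0 64240 - - - RECEIVE
2024-03-01 10:15:33 DROP TCP 192.168.1.50 192.168.1.10 51236 22 52 S 1234567892 0 64240 - - - RECEIVE
2024-03-01 10:15:33 ALLOW UDP 192.168.1.10 192.168.1.1 53412 53 0 - - - - - - - SEND
2024-03-01 10:15:34 DROP ICMP 10.0.0.5 192.168.1.10 - - 84 - - - - 8 0 - RECEIVE
"""

# W3C column name -> table field name (assumed from the table on this page).
COLUMN_TO_FIELD = {
    "action": "action", "protocol": "protocol",
    "src-ip": "srcIp", "dst-ip": "dstIp",
    "src-port": "srcPort", "dst-port": "dstPort",
    "size": "size", "tcpflags": "tcpflags", "tcpsyn": "tcpsyn",
    "tcpack": "tcpack", "tcpwin": "tcpwin",
    "icmptype": "icmpType", "icmpcode": "icmpCode",
    "info": "info", "path": "path",
}


def parse_log(text: str) -> List[Dict[str, Optional[object]]]:
    """Turn raw log text into a list of events keyed by table field name.

    "-" in the log means "not applicable" and becomes None; size is the only
    numeric field in the table (int8), so it is converted to int."""
    columns: List[str] = []
    events: List[Dict[str, Optional[object]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only the #Fields directive matters; it can appear again after
            # the service restarts, so always take the most recent one.
            if line.startswith("#Fields:"):
                columns = line[len("#Fields:"):].split()
            continue
        tokens = line.split()
        if not columns or len(tokens) != len(columns):
            continue  # no header yet or a truncated line: skip rather than misalign
        row = dict(zip(columns, tokens))
        event: Dict[str, Optional[object]] = {
            "serverdate": f"{row['date']} {row['time']}",
        }
        for col, field in COLUMN_TO_FIELD.items():
            value = row.get(col, "-")
            event[field] = None if value == "-" else value
        if event["size"] is not None:
            event["size"] = int(str(event["size"]))
        events.append(event)
    return events


def port_scan_sources(events, min_ports: int = 3) -> Dict[str, List[str]]:
    """Return {srcIp: sorted dstPorts} for sources whose DROPped packets
    reached at least `min_ports` distinct destination ports."""
    ports = defaultdict(set)
    for e in events:
        if e["action"] == "DROP" and e["dstPort"] is not None:
            ports[e["srcIp"]].add(e["dstPort"])
    return {ip: sorted(p, key=int) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for ev in parsed:
        print(ev["serverdate"], ev["action"], ev["protocol"], ev["srcIp"], "->", ev["dstIp"], ev["dstPort"])
    print("possible scanners:", port_scan_sources(parsed))
```

Ports stay strings because the table types srcPort and dstPort as str; the detection converts only for sorting. Skipping lines whose token count does not match the header avoids silently shifting columns when a line is truncated at a log rotation.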

 
