Hi Aaron,
Just add C:\Windows\pfirewall.log with a format of "syslog". Whenever
you have a one-log-per-line file, the syslog format should work fine.
<localfile>
<log_format>syslog</log_format>
<location>C:\Windows\pfirewall.log</location>
</localfile>
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On Dec 3, 2007 11:02 AM, Aaron Bliss <[EMAIL PROTECTED]> wrote:
>
> Hi everyone,
> I'm just trying to figure out how to monitor the built in windows
> firewall logs with ossec. I have the windows policies configured,
> logging, etc, but I'm not sure what the log_format directive should be
> set to. Thanks for your help.
>
> Aaron
>