Windows firewall varies between versions. Logs are usually located at: %systemroot%\system32\LogFiles\Firewall\pfirewall.log They are enabled per active profile (domain / public / private) and you need to specify if to log accepted connections and dropped packets.
Get the config app at: Start->Windows Firewall with advanced security. Once you verify this file was created / is updated , include it in your ossec configuration (local files to follow) -Roy On Sunday, September 15, 2013 9:39:10 PM UTC-7, sayed mohammad hossein jafari wrote: > > Hi > > I want to send my windows firewall log (OPEN-INBOUND TCP) to ossec . > I have this predecoder in my ossec's Decoder.xml But I can't get it with > ossec. > Can you help me How can I get this log? > should I write a rule? which rule? > > Thanks > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
