I'm trying to send Windows firewall logs located @ C:\Windows\system32\LogFiles\Firewall\pfirewall.log to the Nagios log server using the article below
https://support.nagios.com/kb/article/n ... s-488.html
I attached my complete nxlog.conf file but here is the section I added. How do you send the Windows firewall logs?
<Input pfirewall>
    Module im_file
    File 'C:\Windows\system32\LogFiles\Firewall\pfirewall.log'
    SavePos FALSE
    ReadFromLast FALSE
    Exec $Message = $raw_event;
</Input>
<Route 1>
    Path internal, file1, eventlog, pfirewall => out
</Route>
Re: Windows firewall logs
Generally that looks correct. Can you verify that the pfirewall.log file exists and has data in it? That's where my system is set to write firewall logs as well, but I don't even have the file.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Windows firewall logs
Once you turn your firewall on and enable logging, the file will be created,
and C:\Windows\system32\LogFiles\Firewall\pfirewall.log is the universal storage location on all Windows 10 and Server editions.
Do I need to enter text to use Module im_file?
Re: Windows firewall logs
The guide states that initially it will send all the log data to Nagios Log Server, that is why SavePos FALSE and ReadFromLast FALSE are initially defined.
Did you test NXLog before proceeding to add extra logging? Was this a fresh install of NXLog on this machine? It may just be that NXLog is not correctly working, for example firewall ports may not be open.
Does the pfirewall.log file contain data and is it being populated with information?
You can enable debugging on NXLog to see what is happening:
# Uncomment for debug output
# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
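The check requested in the replies above (does pfirewall.log exist and hold data), as an added Python example that is not part of the original posts. The function names and the sample log lines are constructed for illustration; the parser takes its column names from the log's own `#Fields:` header, and it skips the `#` header lines that the `$Message = $raw_event` input would forward as events.

```python
from collections import Counter
from pathlib import Path

# Log path as given in the thread.
LOG_PATH = Path(r"C:\Windows\system32\LogFiles\Firewall\pfirewall.log")

# Constructed sample in the W3C-style layout Windows Firewall writes.
SAMPLE = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:22:31 DROP TCP 203.0.113.7 192.0.2.10 51515 3389 52 S 1234567890 0 8192 - - - RECEIVE
2024-01-15 10:22:33 ALLOW UDP 192.0.2.10 198.51.100.53 55000 53 0 - - - - - - - SEND
2024-01-15 10:22:40 DROP TCP 203.0.113.7 192.0.2.10 51516 445 52 S 1234567999 0 8192 - - - RECEIVE
"""

def parse_pfirewall(text):
    """Return (fields, records); each record is a dict keyed by #Fields names."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("#fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                records.append(dict(zip(fields, values)))
    return fields, records

def summarize(text):
    """Report whether the log has a header, how many records, and which actions."""
    fields, records = parse_pfirewall(text)
    last = records[-1] if records else None
    return {
        "has_header": bool(fields),
        "records": len(records),
        "actions": dict(Counter(r.get("action", "?") for r in records)),
        "last": f'{last.get("date")} {last.get("time")}' if last else None,
    }

if __name__ == "__main__":
    # On the Windows host read the real file; elsewhere fall back to the sample.
    text = LOG_PATH.read_text(errors="replace") if LOG_PATH.exists() else SAMPLE
    print(summarize(text))
```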
Re: Windows firewall logs
Yes, the pfirewall.log file does contain data and is being populated.
Yes, I set up NXLog to first send event logs and it works fine, the Nagios Log server gets all the event logs.
I reread the article and missed an important section that stated I had to filter my search for the SourceModuleName on the log server.
It's working, thanks for talking me through it.
To explain the changes made above, the name important_application is what Nagios Log Server will identify as the SourceModuleName field when it is received.
Re: Windows firewall logs
Excellent, I'm glad you got it working! Thank you for posting the solution back here! I will close this thread.