The firewall.windows.stdout tag is applied to events generated by the Windows firewall.
To send Windows firewall log events to Devo:
Make sure that the Windows firewall is logging events to a file on the local machine. Note the location and names of the log files.
- Use the MagicLog component of the Devo Agent for Windows to monitor the file and forward the events to the Devo endpoint. When you add the new folder to monitor the firewall logs, enter the settings as follows indicating the correct Folder Path and File Pattern on your machine.
Restart the MagicLog agent when you have saved the new folder. The events should begin flowing to the Devo endpoint.