Firewall Log Collection Rule
Microsoft.SystemCenter.CollectFirewallLog (Rule)
Firewall Log Data Collection Rule
Element properties:
Member Modules:
Source Code:
<Rule ID="Microsoft.SystemCenter.CollectFirewallLog" Target="Windows!Microsoft.Windows.Computer" Enabled="false" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Custom</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.SystemCenter.FirewallLogDataSource" RunAs="System!System.PrivilegedMonitoringAccount">
<ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<FileLocation>%systemroot%\system32\LogFiles\Firewall</FileLocation>
<FileNamePattern>*.log.old</FileNamePattern>
<BatchIntervalInSeconds>20</BatchIntervalInSeconds>
<BatchEntries>1000</BatchEntries>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="HttpWA" TypeID="Types!Microsoft.SystemCenter.CollectCloudFirewallLogData"/>
</WriteActions>
</Rule>