Firewall Log Collection Rule

Microsoft.SystemCenter.CollectFirewallLog (Rule)

Firewall Log Data Collection Rule

Element properties:

Target: Microsoft.Windows.Computer
Category: Custom
Enabled: False
Alert Generate: False
Remotable: True

Member Modules:

ID      Module Type  TypeId                                              RunAs
DS      DataSource   Microsoft.SystemCenter.FirewallLogDataSource        System.PrivilegedMonitoringAccount
HttpWA  WriteAction  Microsoft.SystemCenter.CollectCloudFirewallLogData  Default

Source Code:

<Rule ID="Microsoft.SystemCenter.CollectFirewallLog" Target="Windows!Microsoft.Windows.Computer" Enabled="false" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>Custom</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Microsoft.SystemCenter.FirewallLogDataSource" RunAs="System!System.PrivilegedMonitoringAccount">
      <ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <FileLocation>%systemroot%\system32\LogFiles\Firewall</FileLocation>
      <FileNamePattern>*.log.old</FileNamePattern>
      <BatchIntervalInSeconds>20</BatchIntervalInSeconds>
      <BatchEntries>1000</BatchEntries>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="HttpWA" TypeID="Types!Microsoft.SystemCenter.CollectCloudFirewallLogData"/>
  </WriteActions>
</Rule>