Is there a connector for collecting events related to Windows firewall rules changes in Windows Server 2008? The events produced in the Security log leave a lot to be desired. They indicate what rules have been changed but not what the changes are and who is making the change. However, I did find that there is another log in Windows Server 2008 under Applications and Services Log> Microsoft> Windows> Windows Firewall with Advanced Security> Firewall. The events logged here are much more "human readable" which includes the name of the account that made the change. Does the LEM agent forward these events and is there a LEM connector that parses these events?
↧