    Enabling Logs

    Enabling Windows Firewall Logs

    To monitor Windows Firewall logs, add the Windows device from which the firewall logs are to be collected.

    For EventLog Analyzer to collect Windows Firewall logs, modify the local audit policy of the added Windows devices to enable firewall-related events. Follow the steps below to carry this out.

    1. Open the command prompt.
    2. Execute the following commands to enable logging of all firewall-related events:

      auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC rule-level policy change" /success:enable /failure:enable

      auditpol.exe /set /category:"Policy Change" /subcategory:"Filtering Platform policy change" /success:enable /failure:enable

      auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Main Mode" /success:enable /failure:enable

      auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Quick Mode" /success:enable /failure:enable

      auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Extended Mode" /success:enable /failure:enable

      auditpol.exe /set /category:"System" /subcategory:"IPsec Driver" /success:enable /failure:enable

      auditpol.exe /set /category:"System" /subcategory:"Other system events" /success:enable /failure:enable

      auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform packet drop" /success:enable /failure:enable

      auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform connection" /success:enable /failure:enable

    3. Restart the device, or force a manual refresh by using the following command: gpupdate /force
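
To confirm that the nine subcategories set above are still enabled after the restart or policy refresh, the following added example (not part of the EventLog Analyzer documentation) parses the CSV report from `auditpol.exe /get /category:* /r`. The function name `Test-FirewallAuditPolicy` is hypothetical, the sample rows are constructed, and the check assumes an elevated prompt on an English-language Windows installation, since auditpol localizes subcategory and setting names.

```powershell
# Subcategory names exactly as used in the auditpol commands on this page.
$Required = @(
    'MPSSVC rule-level policy change', 'Filtering Platform policy change',
    'IPsec Main Mode', 'IPsec Quick Mode', 'IPsec Extended Mode',
    'IPsec Driver', 'Other system events',
    'Filtering Platform packet drop', 'Filtering Platform connection'
)

function Test-FirewallAuditPolicy {   # hypothetical helper name
    param(
        # CSV lines as produced by: auditpol.exe /get /category:* /r
        # The default runs auditpol only when no lines are passed in.
        [string[]]$CsvLines = (auditpol.exe /get '/category:*' /r)
    )
    # The /r report can contain blank lines; drop them before parsing.
    $rows = @($CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv)
    foreach ($name in $Required) {
        # -eq is case-insensitive, so the page's casing matches auditpol's.
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $setting = if ($row) { $row.'Inclusion Setting' } else { 'not found' }
        [pscustomobject]@{
            Subcategory = $name
            Setting     = $setting
            Compliant   = ($setting -eq 'Success and Failure')
        }
    }
}

# Constructed sample report (host name and GUID fields are placeholders).
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting',
    'HOST01,System,IPsec Driver,{constructed-guid},Success and Failure,',
    'HOST01,System,Filtering Platform Packet Drop,{constructed-guid},Failure,',
    'HOST01,System,Filtering Platform Connection,{constructed-guid},No Auditing,'
)
Test-FirewallAuditPolicy -CsvLines $sample | Format-Table -AutoSize

# On a live host, list only the subcategories that still need attention:
# Test-FirewallAuditPolicy | Where-Object { -not $_.Compliant }
```

Any row reported as non-compliant after `gpupdate /force` means the locally set value was not retained and the corresponding auditpol command from step 2 did not take effect on that device.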
