To monitor Windows Firewall logs, add the Windows device from which the firewall logs are to be collected.
For EventLog Analyzer to collect Windows Firewall logs, modify the local audit policy of the added Windows devices and enable firewall-related events. Follow the steps below to carry this out.
auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC rule-level policy change" /success:enable /failure:enable
auditpol.exe /set /category:"Policy Change" /subcategory:"Filtering Platform policy change" /success:enable /failure:enable
auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Main Mode" /success:enable /failure:enable
auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Quick Mode" /success:enable /failure:enable
auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Extended Mode" /success:enable /failure:enable
auditpol.exe /set /category:"System" /subcategory:"IPsec Driver" /success:enable /failure:enable
auditpol.exe /set /category:"System" /subcategory:"Other system events" /success:enable /failure:enable
auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform packet drop" /success:enable /failure:enable
auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform connection" /success:enable /failure:enable
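
To confirm that the commands above took effect, the following added example (not part of the original page or of EventLog Analyzer) reads the effective audit policy back and checks that each of the nine subcategories reports both success and failure auditing. It assumes an elevated PowerShell session on an English-language Windows install, since auditpol localizes subcategory names; the variable names are illustrative.

```powershell
# Added example: verify the audit subcategories enabled above are active.
# Assumption: elevated session, English-language Windows.

$required = @(
    'MPSSVC Rule-Level Policy Change',
    'Filtering Platform Policy Change',
    'IPsec Main Mode',
    'IPsec Quick Mode',
    'IPsec Extended Mode',
    'IPsec Driver',
    'Other System Events',
    'Filtering Platform Packet Drop',
    'Filtering Platform Connection'
)

# /r emits CSV with the columns: Machine Name, Policy Target, Subcategory,
# Subcategory GUID, Inclusion Setting, Exclusion Setting
$raw = auditpol.exe /get /category:* /r
if ($LASTEXITCODE -ne 0) {
    throw "auditpol.exe failed (exit code $LASTEXITCODE); run from an elevated session."
}

# Drop blank lines before parsing so ConvertFrom-Csv sees only header + rows.
$policy = $raw | Where-Object { $_.Trim() } | ConvertFrom-Csv

$report = foreach ($name in $required) {
    # -eq is case-insensitive for strings, matching auditpol's own behaviour.
    $row = $policy | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
    [pscustomobject]@{
        Subcategory = $name
        Setting     = $setting
        Ok          = ($setting -eq 'Success and Failure')
    }
}

$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Ok })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) subcategory(ies) are not auditing both success and failure."
    exit 1
}
```

Settings applied with auditpol.exe are local to the device; if a domain Group Policy defines Advanced Audit Policy settings for it, those override the local values at the next policy refresh, so rerun the check afterwards.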