
    Enabling Logs

    Enabling Windows Firewall Logs

    To monitor Windows Firewall logs, first add the Windows device from which the firewall logs are to be collected to EventLog Analyzer.

    Windows does not write firewall events to the Security log by default. For EventLog Analyzer to collect them, the local audit policy of each added Windows device must be modified so that the firewall-related audit subcategories are enabled. Follow the steps below to carry this out.

    1. Open an elevated command prompt (Run as administrator). auditpol.exe cannot change the audit policy from a standard user prompt.
    2. Execute the following commands to enable success and failure auditing for every firewall-related subcategory:

      auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC rule-level policy change" /success:enable /failure:enable
      auditpol.exe /set /category:"Policy Change" /subcategory:"Filtering Platform policy change" /success:enable /failure:enable
      auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Main Mode" /success:enable /failure:enable
      auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Quick Mode" /success:enable /failure:enable
      auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Extended Mode" /success:enable /failure:enable
      auditpol.exe /set /category:"System" /subcategory:"IPsec Driver" /success:enable /failure:enable
      auditpol.exe /set /category:"System" /subcategory:"Other system events" /success:enable /failure:enable
      auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform packet drop" /success:enable /failure:enable
      auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform connection" /success:enable /failure:enable

    3. Restart the device, or force a policy refresh with the following command: gpupdate /force

    Note: If the device's Advanced Audit Policy is managed through Group Policy, the GPO values override these local settings at the next policy refresh, so make the same changes in the GPO rather than (or in addition to) locally. Also, "Filtering Platform connection" and "Filtering Platform packet drop" write one event for every permitted or blocked connection and every dropped packet, which can fill the Security log on a busy host within minutes; increase the Security log's maximum size before enabling them.
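    The same procedure as a PowerShell script, added here as an example and not taken from the EventLog Analyzer documentation. It enables the nine subcategories listed above, reads the effective policy back with auditpol /get /r (which catches the case where a domain GPO silently overrides the local setting), and checks that the Security log is sized for the volume that Filtering Platform auditing produces. It assumes an elevated PowerShell session on the device being collected and an English-language Windows install (auditpol subcategory names are localized); the 512 MB log-size floor and the 5-minute event window are arbitrary choices for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the EventLog Analyzer documentation): apply the
# firewall-related audit subcategories, verify the effective policy, and check
# that the Security log can absorb the resulting event volume.

$Subcategories = @(
    'MPSSVC rule-level policy change'   # firewall rule add/change/delete
    'Filtering Platform policy change'  # WFP filter and provider changes
    'IPsec Main Mode'
    'IPsec Quick Mode'
    'IPsec Extended Mode'
    'IPsec Driver'
    'Other system events'               # firewall service start/stop, policy-load failures
    'Filtering Platform packet drop'    # event 5152 per dropped packet: high volume
    'Filtering Platform connection'     # events 5156/5157 per permitted/blocked connection: very high volume
)

# 1. Enable success and failure auditing for each subcategory. /subcategory alone is
#    accepted by auditpol; the /category: prefix used in the manual steps is optional.
#    The local policy changes immediately; no restart is required for this step.
foreach ($sub in $Subcategories) {
    auditpol.exe /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed for '$sub'" }
}

# 2. Read the effective policy back. /r emits CSV whose 'Inclusion Setting' column is
#    "Success and Failure", "Success", "Failure" or "No Auditing".
$notEnabled = foreach ($sub in $Subcategories) {
    $row = auditpol.exe /get /subcategory:"$sub" /r | ConvertFrom-Csv
    if ($row.'Inclusion Setting' -ne 'Success and Failure') {
        [pscustomobject]@{ Subcategory = $sub; Effective = $row.'Inclusion Setting' }
    }
}
if ($notEnabled) {
    # A mismatch right after /set usually means a domain GPO's Advanced Audit Policy
    # is overriding the local value; fix it in the GPO instead.
    $notEnabled | Format-Table -AutoSize
    Write-Warning 'Some subcategories are not at "Success and Failure"; check Advanced Audit Policy in Group Policy.'
} else {
    Write-Host 'All firewall audit subcategories are set to Success and Failure.'
}

# 3. Check the Security log size. Connection auditing (5156) alone can exceed the
#    default maximum within minutes on a busy host.
$secLog   = Get-WinEvent -ListLog Security
$minBytes = 512MB   # assumed floor for this example; size it to your retention needs
if ($secLog.MaximumSizeInBytes -lt $minBytes) {
    Write-Warning ('Security log maximum is {0:N0} MB; consider: wevtutil sl Security /ms:{1}' -f `
        ($secLog.MaximumSizeInBytes / 1MB), $minBytes)
}

# 4. Confirm firewall events are actually being written before pointing the collector
#    at this host. 5152 = packet dropped, 5156 = connection permitted, 5157 = connection blocked.
$recent = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 5152, 5156, 5157
    StartTime = (Get-Date).AddMinutes(-5)
} -MaxEvents 50 -ErrorAction SilentlyContinue
'{0} Filtering Platform event(s) in the last 5 minutes' -f @($recent).Count
```

    Run it once per collected device and keep the verification half (steps 2 to 4) in your onboarding checklist: a host that reports "No Auditing" after the script has run is being managed by Group Policy, and a host with a small Security log will roll over events faster than EventLog Analyzer can pull them.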