
Enabling Logs

Enabling Windows Firewall Logs

To monitor Windows Firewall logs, first add the Windows device from which the firewall logs are to be collected.

For EventLog Analyzer to collect Windows Firewall logs, modify the local audit policy of each added Windows device and enable the firewall-related audit subcategories. Follow the steps below to carry this out.

  1. Open the command prompt.
  2. Execute the following commands to enable logging of all firewall-related events:

     auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC rule-level policy change" /success:enable /failure:enable
     auditpol.exe /set /category:"Policy Change" /subcategory:"Filtering Platform policy change" /success:enable /failure:enable
     auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Main Mode" /success:enable /failure:enable
     auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Quick Mode" /success:enable /failure:enable
     auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Extended Mode" /success:enable /failure:enable
     auditpol.exe /set /category:"System" /subcategory:"IPsec Driver" /success:enable /failure:enable
     auditpol.exe /set /category:"System" /subcategory:"Other system events" /success:enable /failure:enable
     auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform packet drop" /success:enable /failure:enable
     auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform connection" /success:enable /failure:enable

  3. Restart the device, or force a manual refresh with the following command:

     gpupdate /force
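The same nine subcategories applied and then verified from PowerShell, as an added example that is not part of the EventLog Analyzer documentation. It assumes an elevated prompt (auditpol /set needs administrator rights), an English-language Windows install (auditpol subcategory names are localized), and reads the effective setting back through auditpol's CSV output (/r) so a collector is only onboarded once every subcategory really reports Success and Failure.

```powershell
# Added example (not from the EventLog Analyzer docs): enable the firewall-related
# audit subcategories listed in the steps above and confirm each one took effect.
# Assumes an elevated PowerShell session on an English-language Windows system.

$Subcategories = @(
    'MPSSVC rule-level policy change',
    'Filtering Platform policy change',
    'IPsec Main Mode',
    'IPsec Quick Mode',
    'IPsec Extended Mode',
    'IPsec Driver',
    'Other system events',
    'Filtering Platform packet drop',
    'Filtering Platform connection'
)

function Set-FirewallAuditPolicy {
    foreach ($sub in $Subcategories) {
        # Subcategory names are unique, so /category is optional for /set.
        & auditpol.exe /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "auditpol /set failed for '$sub'" }
    }
}

function Test-FirewallAuditPolicy {
    # Returns the subcategories whose effective setting is not 'Success and Failure'.
    $notEnabled = @()
    foreach ($sub in $Subcategories) {
        # /r emits CSV; the 'Inclusion Setting' column holds the effective value
        # (e.g. 'Success and Failure', 'Success', 'Failure', 'No Auditing').
        $row = & auditpol.exe /get /subcategory:"$sub" /r |
               Where-Object { $_ -match '\S' } | ConvertFrom-Csv
        if ($row.'Inclusion Setting' -ne 'Success and Failure') {
            $notEnabled += "$sub => $($row.'Inclusion Setting')"
        }
    }
    return $notEnabled
}

Set-FirewallAuditPolicy
$remaining = Test-FirewallAuditPolicy
if ($remaining.Count -eq 0) {
    Write-Host 'All firewall audit subcategories report Success and Failure.'
} else {
    Write-Host 'Subcategories not fully enabled:'
    $remaining | ForEach-Object { Write-Host "  $_" }
}
```

If an Advanced Audit Policy is also applied through Group Policy, the domain setting takes precedence over these local values at the next refresh, so re-run Test-FirewallAuditPolicy after gpupdate /force. The two Filtering Platform subcategories (packet drop and connection) are by far the noisiest, so size the collector's retention for them.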

Copyright © 2020, ZOHO Corp. All Rights Reserved.
