Enable Windows Firewall Logs
To monitor Windows Firewall logs, you must first add the Windows host from which the firewall logs are to be collected.
For EventLog Analyzer to collect Windows Firewall logs, you must modify the local audit policy of the added Windows host and enable all firewall-related events. To do this, follow the procedure below:
Open the command prompt.
Execute the following commands to enable logging of all firewall-related events:
auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC rule-level policy change" /success:enable /failure:enable
auditpol.exe /set /category:"Policy Change" /subcategory:"Filtering Platform policy change" /success:enable /failure:enable
auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Main Mode" /success:enable /failure:enable
auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Quick Mode" /success:enable /failure:enable
auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Extended Mode" /success:enable /failure:enable
auditpol.exe /set /category:"System" /subcategory:"IPsec Driver" /success:enable /failure:enable
auditpol.exe /set /category:"System" /subcategory:"Other system events" /success:enable /failure:enable
auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform packet drop" /success:enable /failure:enable
auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform connection" /success:enable /failure:enable
Restart the host, or force a manual refresh by using the following command: gpupdate /force
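To confirm that the policy took effect, the following PowerShell check queries each of the nine subcategories set above with auditpol /get and flags any that are not auditing both success and failure. It is an added example, not part of the original procedure or the product's own tooling, and it assumes an elevated prompt on an English-language Windows installation.

```powershell
# Added example: verify the audit subcategories enabled in the procedure above.
# Run from an elevated PowerShell prompt on the Windows host.
$subcategories = @(
    'MPSSVC rule-level policy change',
    'Filtering Platform policy change',
    'IPsec Main Mode',
    'IPsec Quick Mode',
    'IPsec Extended Mode',
    'IPsec Driver',
    'Other system events',
    'Filtering Platform packet drop',
    'Filtering Platform connection'
)

$results = foreach ($name in $subcategories) {
    # /r prints CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting
    $csv = auditpol.exe /get /subcategory:"$name" /r 2>$null |
        Where-Object { $_ -match '\S' }   # drop blank lines before parsing

    if ($LASTEXITCODE -ne 0 -or -not $csv) {
        # Unknown subcategory name or insufficient privileges
        [pscustomobject]@{ Subcategory = $name; Setting = 'QUERY FAILED'; Ok = $false }
        continue
    }

    $row = $csv | ConvertFrom-Csv | Select-Object -First 1
    $setting = $row.'Inclusion Setting'
    [pscustomobject]@{
        Subcategory = $name
        Setting     = $setting
        # Assumption: English-language Windows, where a fully enabled
        # subcategory is reported as "Success and Failure".
        Ok          = ($setting -eq 'Success and Failure')
    }
}

$results | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.Ok })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) subcategory(ies) are not auditing both Success and Failure."
    exit 1
}
Write-Output 'All firewall-related subcategories audit Success and Failure.'
```

If a subcategory reverts after gpupdate /force, a domain Group Policy is overriding the local audit policy on that host.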