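Enabling Windows Firewall logs

To monitor Windows Firewall logs, add the Windows devices from which firewall logs are to be collected.

For EventLog Analyzer to collect Windows Firewall logs, modify the local audit policy of the added Windows devices and enable the firewall-related events. Follow the steps below.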

  1. Open a command prompt.
  2. Run the following commands to enable logging of all firewall-related events:

    auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC rule-level policy change" /success:enable /failure:enable

    auditpol.exe /set /category:"Policy Change" /subcategory:"Filtering Platform policy change" /success:enable /failure:enable

    auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Main Mode" /success:enable /failure:enable

    auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Quick Mode" /success:enable /failure:enable

    auditpol.exe /set /category:"Logon/Logoff" /subcategory:"IPsec Extended Mode" /success:enable /failure:enable

    auditpol.exe /set /category:"System" /subcategory:"IPsec Driver" /success:enable /failure:enable

    auditpol.exe /set /category:"System" /subcategory:"Other system events" /success:enable /failure:enable

    auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform packet drop" /success:enable /failure:enable

    auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform connection" /success:enable /failure:enable

  3. Restart the device, or force a manual refresh with the command: gpupdate /force
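
To confirm that the settings are in effect after the refresh, the following PowerShell check reads the effective audit policy back and compares it with the nine subcategories enabled above. It is an added example, not part of the EventLog Analyzer documentation. It assumes an elevated session and an English-language Windows installation, where auditpol reports the setting as "Success and Failure".

```powershell
# Added example: verify the audit subcategories enabled in step 2.
# Assumes an elevated PowerShell session on an English-language Windows install.
$required = @(
    'MPSSVC Rule-Level Policy Change',
    'Filtering Platform Policy Change',
    'IPsec Main Mode',
    'IPsec Quick Mode',
    'IPsec Extended Mode',
    'IPsec Driver',
    'Other System Events',
    'Filtering Platform Packet Drop',
    'Filtering Platform Connection'
)

# /r prints the effective policy as CSV; drop blank lines before parsing.
$rows = auditpol.exe /get /category:* /r |
    Where-Object { $_ -match '\S' } |
    ConvertFrom-Csv

if (-not $rows) {
    throw 'auditpol returned no data. Run this from an elevated session.'
}

$results = foreach ($name in $required) {
    # -eq is case-insensitive, so the casing used in step 2 also matches.
    $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
    [pscustomobject]@{
        Subcategory = $name
        Setting     = $setting
        Ok          = ($setting -eq 'Success and Failure')
    }
}

$results | Format-Table -AutoSize

if ($results.Ok -contains $false) {
    Write-Warning 'One or more firewall audit subcategories are not fully enabled.'
    exit 1
}
```

A subcategory that reverts to a weaker setting after the refresh indicates that another policy source is overriding the local audit policy on that device.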
 
Copyright © 2022, ZOHO Corp
ManageEngine