Firewall failing to log

  • Question

  • I'm running Windows Server 2008 under Virtuozzo, and I would like to use the logging feature of the "Windows Firewall with Advanced Security" to debug a connectivity issue. I turn on logging for public/private/domain and specify a log file. The firewall creates the log file with headers, so far so good. However, no further logging takes place. I send data to the computer, some of which should be blocked (a web browser query) and some of which should be admitted (an RDC connection), and nothing appears in the log.

    Any ideas on how to correct this?

    Wednesday, March 23, 2011 1:06 PM

Answers

  • a) check the file permissions so that the operating system accounts can write to the file

    b) I have seen a case where the logging was not actually working until I disabled it and re-enabled it again

    c) you can as well make use of advanced auditing, which means that the firewall logs everything directly into the security log instead of the disk file. If you want to enable the security auditing, you need to go to the command line (you say you are running on R1) and investigate the AUDITPOL command:

    - auditpol /get /category:"object access"

    - auditpol /set /subcategory:"filtering platform packet drop" /success:enable /failure:enable

    - auditpol /set /subcategory:"filtering platform connection" /success:enable /failure:enable

    d) I would rather go for Network Monitor and watch the packets online.

    ondrej.

     

     

    • Marked as answer by Bruce-Liu Tuesday, March 29, 2011 2:09 AM
    Thursday, March 24, 2011 11:22 AM
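
Steps a) to c) of the answer above as one batch script, added here as an example and not part of the original thread. It assumes an elevated command prompt, the default log folder and file name (`pfirewall.log`), and that the events of interest are Security log IDs 5152 (packet blocked), 5156 (connection permitted) and 5157 (connection blocked).

```bat
@echo off
rem Added example, not from the original thread. Run from an elevated prompt.
rem Assumption: default log location; change LOGDIR/LOGFILE if another
rem file was specified in the firewall properties.
set "LOGDIR=%SystemRoot%\System32\LogFiles\Firewall"
set "LOGFILE=%LOGDIR%\pfirewall.log"

rem (a) Show the ACLs. The firewall service account (NT SERVICE\MpsSvc)
rem     needs write access to the folder and the file.
icacls "%LOGDIR%"
icacls "%LOGFILE%"

rem Show the logging settings currently in effect for every profile.
netsh advfirewall show allprofiles logging

rem (b) Switch logging off and back on for all profiles.
netsh advfirewall set allprofiles logging droppedconnections disable
netsh advfirewall set allprofiles logging allowedconnections disable
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging allowedconnections enable

rem (c) Send Windows Filtering Platform decisions to the Security log,
rem     then confirm that the two subcategories are enabled.
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable
auditpol /get /category:"Object Access"

echo Reproduce the test traffic (browser request, RDC connection), then
pause

rem Newest 20 matching events, most recent first, as readable text.
wevtutil qe Security /q:"*[System[(EventID=5152 or EventID=5156 or EventID=5157)]]" /c:20 /rd:true /f:text
```

Success auditing for "Filtering Platform Connection" writes an event for every permitted connection, so set both subcategories back to `/success:disable /failure:disable` once the connectivity issue is diagnosed.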