simonepatonico
Feb 05, 2020 - Brass Contributor
Issue collecting Windows Firewall Events
Hi community, I have a problem collecting Windows Firewall events from my Windows 10 VMs. I enabled the Windows Firewall connector in Sentinel, installed the MMA (64-bit version 10.20.18018.0) on t...
saurabh09
Jul 01, 2020 - Copper Contributor
simonepatonico could you pls tell me if reducing the logfile size to 2 KB solved your problem permanently? I was facing the same issue as you and received logs from Windows Firewall as soon as I reduced the logfile size to 2 KB, but the next day I again couldn't see the Windows Firewall logs.
Did you try any other solution after reducing the logfile size?
simonepatonico
Jul 02, 2020 - Brass Contributor
saurabh09 yes, I solved the problem by reducing the logfile size to 2 KB. However, since Windows Firewall does not log all the data that I need, I did not use it for Analytics rules in Azure Sentinel. If your machines are VMs in Azure, I suggest you integrate logs from Network Security Groups, but it would require you to set up a custom table in Log Analytics Workspace.
Regards
Simone