Setting up NXLog for Windows

You will need to first install and configure NXLog on the Windows host using these instructions: Integrating with Microsoft Windows Server.

Enable Windows Firewall Logging Using PowerShell

To reduce noise, Blumira recommends configuring this to log only traffic dropped by the firewall. Allowed traffic can be sent as well, but it will drastically increase noise within your logging infrastructure and will essentially log all traffic from that host. Blumira recommends doing so only for a highly sensitive host whose traffic does not traverse any other logging that Blumira captures.

Recommended PowerShell Command:

Set-NetFirewallProfile -LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log -LogBlocked True -LogAllowed False -LogIgnored True

If significant verbosity is required, use this command which will log Allowed connections as well:

Set-NetFirewallProfile -LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log -LogBlocked True -LogAllowed True -LogIgnored True
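The following script is an added example, not part of Blumira's instructions: it applies the recommended drop-only settings to every profile explicitly, caps the log size (the 32767 KB value is an assumption, chosen as the maximum the cmdlet accepts), verifies that each profile actually reports the expected values, and shows the most recent DROP entries so you can confirm there is something for NXLog to collect. Run it from an elevated PowerShell session.

```powershell
# Added example (not Blumira's code): drop-only firewall logging with verification.
$LogPath = '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# -All makes the scope explicit: Domain, Private and Public profiles.
# The log size cap (32767 KB) is an assumed value, not a Blumira recommendation.
Set-NetFirewallProfile -All `
    -LogFileName $LogPath `
    -LogBlocked True `
    -LogAllowed False `
    -LogIgnored True `
    -LogMaxSizeKilobytes 32767

# Read back the effective settings; a profile managed by Group Policy may not
# accept the change, and this is where that would show up.
Get-NetFirewallProfile |
    Select-Object Name, LogFileName, LogBlocked, LogAllowed, LogIgnored, LogMaxSizeKilobytes |
    Format-Table -AutoSize

$NotDropOnly = Get-NetFirewallProfile |
    Where-Object { $_.LogBlocked -ne 'True' -or $_.LogAllowed -ne 'False' }
if ($NotDropOnly) {
    Write-Warning "Profiles not in drop-only mode: $($NotDropOnly.Name -join ', ')"
}

# pfirewall.log is a W3C-style text log whose third field is the action
# (DROP or ALLOW). Show the last few DROP lines to confirm logging is active.
$Resolved = [Environment]::ExpandEnvironmentVariables($LogPath)
if (Test-Path $Resolved) {
    Get-Content $Resolved -Tail 200 |
        Where-Object { $_ -match '\sDROP\s' } |
        Select-Object -Last 5
} else {
    Write-Warning "Log file not found yet at $Resolved; it is created on the first dropped packet."
}
```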