Event Details
User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 854 - The Windows Firewall logging settings have changed [Win 2003 / XP]
EventID 854 - The Windows Firewall logging settings have changed [Win 2003 / XP]
 Sample: 
Event Type:     Success Audit
Event Source:   Security
Event Category: Policy Change
Event ID:       854
Date:           12/16/2009
Time:           06:53:05
User:           NT AUTHORITY\SYSTEM
Computer:       DC1
Description:    
The Windows Firewall logging settings have changed.

Policy origin: Local Policy
Profile changed: -
New Settings:
     Log dropped packets: Enabled
     Log successful connections: Enabled
Old Settings:
     Log dropped packets: Disabled
     Log successful connections: Disabled
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2003
Windows XP
Category Policy Change
Source Security
EventId 854
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime
Who Account or user name under which the activity occured. User
What The type of activity occurred (e.g. Logon, Password Changed, etc.) Category
Where The name of the workstation/server where the activity was logged. Computer
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "Medium" Medium
WhoDomain -
WhereDomain -
Comments
You must be logged in to comment