Enable UDP on Windows for Firewall Log Analyzer
Allowing inbound UDP traffic
Overview
RocketCyber's Firewall Log Analyzer is architected to eliminate the need of shipping hardware or deploying complex software. To facilitate the collection of firewall telemetry, UDP 514 is the recommended protocol/port. It is very common that the configuration of Windows Firewall has this blocked, therefore the Firewall Analyzer app has been designed to automatically add an inbound rule for the configured Port and Protocol to allow traffic in. If you are using another host based firewall you should consult the documentation on how to allow this traffic. If your just curious about manually configuring the rule, read on.
Configuration
To allow Inbound UDP 514 on your Windows host as the syslog server, see steps below:
Windows 10
- Go to Control Panel --> Systems and Security --> Windows Defender Firewall
- Select Allow an App through Windows Firewall
- Select Advanced Settings --> Inbound Rules
- Create a New Rule
- Port (click next) --> UDP
- Specify port 514 (click next)
- Allow Connection (click next)
- Rule Applies should have { Domain, Public, Private } all checked (click next)
- Name this rule "RocketCyber Syslog"
- Click Finish