From 077cf6756ef30eec8a234e66a8952d349d34dcbd Mon Sep 17 00:00:00 2001
From: YulelogPagoda <45784740+YulelogPagoda@users.noreply.github.com>
Date: Tue, 19 Nov 2019 15:25:19 +0100
Subject: [PATCH] Add Troubleshoot for Slow Firewall Log Ingestion

Added information about slow firewall log ingestion troubleshooting.
---
 .../windows-firewall/configure-the-windows-firewall-log.md     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
index ea78e8de16..96545288bd 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
@@ -54,3 +54,6 @@ To complete these procedures, you must be a member of the Domain Administrators
         -   To create a log entry when Windows Defender Firewall allows an inbound connection, change **Log successful connections** to **Yes**.
 
     6.  Click **OK** twice.
+
+**Troubleshooting Slow Log Ingestion**
+    If logs are slow to appear in Sentinel, you can turn down the log file size. Just beware that this will result in more resource usage due to the increases resource usage for log rotation.