How to Log Windows Firewall Activity
Firewall Logging is Useful to verify if newly added firewall rules are working or not, to identify malicious activity, and to determine if the firewall is dropping packet which causes application failures.
I will assume that the firewall is enabled and FW rule is applied
By default, the FW log file is disabled, the following steps is to enable and monitor the log.
from “Administrative Tools” click “Windows Firewall with Advanced Security” and then click “Properties”
A new window will opens, choose the maximum log size, log file location, and define log type (to log dropped packets, successful or both).note that the dropped packets are the packets that was blocked by the firewall.
By default, Windows Firewall writes log entries to %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log and the log file size is 4 MB.
click on “Private Profile” and “Public Profile” tab and repeat the same steps
Displays Firewall log
To display the Firewall log, from the main “Windows Firewall with Advanced Security” windows click on “Monitoring”, from the Details pane, in “Logging Settings” section, click the link to open the log file in the text editor(Notepad).
I hope this post will be useful to you. If you like the post , Please don’t forget to Vote and click the Like Button.
Email me at firstname.lastname@example.org for corrections, additions, or questions.