Log Windows Firewall Activity

How to Log Windows Firewall  Activity

Firewall Logging is Useful to verify if newly added firewall rules are working or not, to identify malicious activity, and to determine if the firewall is dropping packet which causes application failures.
I will assume that the firewall is enabled and FW rule is applied
By default, the FW log file is disabled, the following steps is to enable and monitor the log.
from “Administrative Tools” click “Windows Firewall with Advanced Security” and then click “Properties”

    
A new windows appears. Now click the “Domain Profile” tab and select “Customize” from the “Logging Section.”
    

A new window will opens, choose the maximum log size, log file location, and define log type (to log dropped packets, successful or both).note that the dropped packets are the packets that was blocked by the firewall.
By default, Windows Firewall writes log entries to %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log and the log file size is 4 MB.

   

click on “Private Profile” and “Public Profile” tab and repeat the same steps

Displays Firewall log

To display the Firewall log, from the main “Windows Firewall with Advanced Security” windows click on “Monitoring”, from the Details pane, in “Logging Settings” section, click the link to open the log file in the text editor(Notepad).

   

Good luck!

I hope this post will be useful to you. If you like the post , Please don’t forget to Vote and click the Like Button.

Email me at itmug.pro@gmail.com for corrections, additions, or questions.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s