Windows Firewall Logs

by George Chetcuti [Published on 13 July 2011 / Last Updated on 13 July 2011]

Troubleshooting network problems can be daunting, and a recommended practice when troubleshooting Windows Firewall is to enable its native logs. To verify whether a firewall rule is blocking or allowing traffic, enable logging, re-create the problem and then examine the log file. By default, Windows Firewall saves log entries in %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log. It stores the last 4 KB of data. To enable logging, follow these steps:

  1. Open Network and Sharing Center, click Windows Firewall and then click Advanced settings.
  2. In the Windows Firewall with Advanced Security snap-in, right-click Windows Firewall with Advanced Security and select Properties.
  3. In the Windows Firewall with Advanced Security on Local Computer Properties window, select the Domain Profile, Private Profile or Public Profile tab.
  4. In the Logging group, click the Customize… button.
  5. In the Customize Logging Settings for …. window, select Yes from the Log dropped packets: and Log successful connections: drop-down lists.
  6. Click OK.

Remember that in a production environment this log will be written to almost constantly, which can affect performance. So I recommend that you disable logging once you're satisfied with the information collected and there's no need for further testing.
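For the "examine the log files" step, the following is an added example (not part of the original article) that parses Pfirewall.log text using its `#Fields:` header and counts dropped connections per protocol, source, destination and port. The sample log lines are constructed for illustration, and the function names `parse_firewall_log` and `summarize` are hypothetical.

```python
from collections import Counter

# Constructed sample in the Pfirewall.log layout: "#" header lines, then
# space-separated entries whose columns are named by the "#Fields:" line.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-07-13 10:15:01 DROP TCP 192.0.2.10 192.0.2.20 49200 3389 52 S 1046886011 0 8192 - - - RECEIVE
2011-07-13 10:15:04 DROP TCP 192.0.2.10 192.0.2.20 49200 3389 52 S 1046886011 0 8192 - - - RECEIVE
2011-07-13 10:15:09 ALLOW UDP 192.0.2.20 192.0.2.53 56012 53 0 - - - - - - - SEND
2011-07-13 10:15:12 DROP ICMP 192.0.2.11 192.0.2.20 - - 60 - - - - 8 0 - RECEIVE
2011-07-13 10:15:30 ALLOW TCP 192.0.2.20 198.51.100.7 49301 443 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            # Skip malformed or partially written lines instead of misaligning columns.
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def summarize(entries, action="DROP"):
    """Count entries with the given action per (protocol, src-ip, dst-ip, dst-port)."""
    counts = Counter()
    for e in entries:
        if e["action"] == action:
            counts[(e["protocol"], e["src-ip"], e["dst-ip"], e["dst-port"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (proto, src, dst, port), n in summarize(parse_firewall_log(SAMPLE_LOG)):
        print(f"{n:3d} dropped  {proto:4s} {src} -> {dst}:{port}")
```

To use it on a real log, read the file's text and pass it to `parse_firewall_log`; pass `action="ALLOW"` to `summarize` to list successful connections instead.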
