Logging Windows Firewall

by Chris Sanders [Published on 15 March 2007 / Last Updated on 15 March 2007]

The built-in windows firewall won’t only stop unwanted traffic at your doorstep, it will log it too!

The Windows Firewall has several great features, but one of the most commonly overlooked is its logging capabilities. You can access the settings for these logging features by clicking Start, Run, and typing “firewall.cpl” and clicking OK. After this, click the Advanced tab, and click the Settings button under the security logging heading.

This area gives you a few options related to logging. You can specify whether or not you want to log dropped packets (those blocked by the firewall), successful connections (those let through the firewall), or both. You can also specify the location of the log file, which by default is C:\Windows\pfirewall.log. You can store these log files locally or on a mapped network drive for easy access to multiple log files. Lastly, you can also set the maximum size of the log file. After you make your changes here you can click OK and logging will then be enabled.

The log files created by the Windows Firewall can be a life-saver, especially when you are suspicious of malicious activities on a computer in your network.

***

Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.

Featured Links