Sysadmin's Notes » Configure Windows Firewall logging

A sysadmin's notes on interesting things from the IT world, how-tos and reviews. We set up computers, servers, 1C and SIP telephony in Moscow.

Configure Windows Firewall logging

1. Open the Group Policy Management Console to Windows Firewall with Advanced Security.

2. In the details pane, in the Overview section, click Windows Firewall Properties.

3. For each network location type (Domain, Private, Public), perform the following steps.

  • Click the tab that corresponds to the network location type.
  • Under **Logging**, click **Customize**.
  • The default path for the log is %windir%\system32\logfiles\firewall\pfirewall.log. If you want to change this, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location.

Important: The location you specify must have permissions assigned that permit the Windows Firewall service to write to the log file.

4. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file will not grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.

5. No logging occurs until you set at least one of the following two options:

– To create a log entry when Windows Firewall drops an incoming network packet, change **Log dropped packets** to **Yes**.

– To create a log entry when Windows Firewall allows an inbound connection, change **Log successful connections** to **Yes**.

6. Click **OK** twice.
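The same six steps can be scripted, which is handy when the setting has to be applied to many hosts or verified after a GPO refresh. The block below is an added example, not code from the original post: it sets the log path, size cap and the two logging switches with `Set-NetFirewallProfile` (the same settings the GUI exposes, applied to the local policy store; append `-PolicyStore 'domain.example\GPO name'` to write into a GPO instead), checks that the Windows Firewall service (NT SERVICE\MpsSvc) has write access to the log folder, as the note above requires, and then summarizes dropped packets per destination port by parsing the log. The parser reads the column names from the `#Fields:` header that the log file itself carries rather than assuming a fixed layout; the `$LogPath`, `Get-FirewallLogSummary` and `Test-FirewallLogFolderAcl` names are mine.

```powershell
# Added example (not from the original post). Requires an elevated PowerShell
# on Windows 8 / Server 2012 or later (NetSecurity module).

$LogPath = "$env:windir\system32\logfiles\firewall\pfirewall.log"   # the default from step 3

function Test-FirewallLogFolderAcl {
    # Assumption: the firewall service runs as the per-service SID NT SERVICE\MpsSvc,
    # so that identity (or a group containing it) needs Write/Modify on the folder.
    param([string]$Path)
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    $ok = (Get-Acl $dir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -like '*MpsSvc*' -and
        $_.FileSystemRights -match 'Write|Modify|FullControl'
    }
    return [bool]$ok
}

if (-not (Test-FirewallLogFolderAcl -Path $LogPath)) {
    Write-Warning "No explicit write ACE for NT SERVICE\MpsSvc on $(Split-Path -Parent $LogPath); the service may be unable to write the log."
}

# Steps 3-5 for all three location types in one call:
#   -LogFileName          : step 3 (path)
#   -LogMaxSizeKilobytes  : step 4 (default 4096 KB, ring-style overwrite when full)
#   -LogBlocked / -LogAllowed : step 5 (dropped packets / successful connections)
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -LogFileName $LogPath `
    -LogMaxSizeKilobytes 4096 `
    -LogBlocked True `
    -LogAllowed True

# Verify what is now in effect (step 6 equivalent of clicking OK and re-opening the dialog)
Get-NetFirewallProfile | Select-Object Name, LogFileName, LogMaxSizeKilobytes, LogBlocked, LogAllowed

function Get-FirewallLogSummary {
    # Parses pfirewall.log using its own "#Fields:" header and returns the
    # destination ports with the most DROP entries (a quick view of what is
    # being knocked on). Assumption: space-separated W3C-style lines, as the
    # firewall writes them; no column layout is hard-coded here.
    param(
        [string]$Path = $LogPath,
        [int]$Top = 10
    )
    $lines = Get-Content -Path $Path -ErrorAction Stop
    $fieldsLine = $lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $fieldsLine) { throw "No #Fields header found in $Path (is logging enabled and has anything been logged yet?)" }
    $fields = ($fieldsLine -replace '^#Fields:\s*', '') -split '\s+'

    $entries = $lines | Where-Object { $_ -and -not $_.StartsWith('#') } | ForEach-Object {
        $values = $_ -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $row[$fields[$i]] = if ($i -lt $values.Count) { $values[$i] } else { $null }
        }
        [pscustomobject]$row
    }

    $entries |
        Where-Object { $_.action -eq 'DROP' } |
        Group-Object -Property 'dst-port' |
        Sort-Object Count -Descending |
        Select-Object -First $Top @{ Name = 'DstPort'; Expression = { $_.Name } }, Count
}

# Example call once the log has accumulated some traffic:
Get-FirewallLogSummary -Top 10
```

Because the file is capped at the size from step 4 and overwritten in a ring, run the summary (or ship the file to a collector) on a schedule if you need history longer than the cap allows.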

TcpLogView is a simple utility that monitors the open TCP connections on your system and adds a new log line every time a TCP connection is opened or closed. For every log line, the following information is displayed: Event Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country of the remote IP (this requires downloading the IP-to-country file separately).

  • This utility works on any version of Windows, starting from Windows 2000 and up to Windows 10. On 64-bit systems, you should use the x64 build of TcpLogView.
  • This utility creates the TCP log by taking a snapshot of currently open TCP connections, and comparing it to the previous snapshot. This means that if a TCP connection is opened for a very short time, then TcpLogView will not be able to capture it.
  • On Windows Vista/7/8 with UAC turned on, you should run TcpLogView as administrator if you want to get full process information.
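The second bullet describes the polling approach, and it is worth seeing why short-lived connections slip through it. The block below is an added example, not TcpLogView's code or anything from the original post: it takes snapshots of the TCP table with `Get-NetTCPConnection` (Windows 8 / Server 2012 or later), diffs consecutive snapshots by a connection key, and writes Open/Close lines in the same spirit as the utility. A connection that opens and closes between two polls appears in neither snapshot, so it produces no line; shortening `-IntervalSeconds` narrows that gap but never closes it. The function names and the log format are mine.

```powershell
# Added example (not from the original post and not TcpLogView's own code).
# Run elevated if you want the owning process of every connection resolved.

function Get-TcpSnapshot {
    # One object per connection, with a string key that makes two snapshots comparable.
    Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Key           = '{0}:{1}->{2}:{3}/{4}' -f $_.LocalAddress, $_.LocalPort, $_.RemoteAddress, $_.RemotePort, $_.State
                LocalAddress  = $_.LocalAddress
                LocalPort     = $_.LocalPort
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                State         = $_.State
                ProcessId     = $_.OwningProcess
                ProcessName   = if ($proc) { $proc.ProcessName } else { '<unknown, run elevated>' }
            }
        }
}

function Compare-TcpSnapshot {
    # Returns Open events for keys present only in $Current and Close events for
    # keys present only in $Previous. Anything that lived entirely between the
    # two polls is invisible here; that is the limitation the text describes.
    param([object[]]$Previous, [object[]]$Current)
    $prev = @{}; foreach ($c in @($Previous)) { if ($c) { $prev[$c.Key] = $c } }
    $cur  = @{}; foreach ($c in @($Current))  { if ($c) { $cur[$c.Key]  = $c } }
    $now = Get-Date
    foreach ($k in $cur.Keys) {
        if (-not $prev.ContainsKey($k)) {
            $c = $cur[$k]
            $type = if ($c.State -eq 'Listen') { 'Listen' } else { 'Open' }
            [pscustomobject]@{ Time = $now; Event = $type; Local = "$($c.LocalAddress):$($c.LocalPort)"; Remote = "$($c.RemoteAddress):$($c.RemotePort)"; Pid = $c.ProcessId; Process = $c.ProcessName }
        }
    }
    foreach ($k in $prev.Keys) {
        if (-not $cur.ContainsKey($k)) {
            $c = $prev[$k]
            [pscustomobject]@{ Time = $now; Event = 'Close'; Local = "$($c.LocalAddress):$($c.LocalPort)"; Remote = "$($c.RemoteAddress):$($c.RemotePort)"; Pid = $c.ProcessId; Process = $c.ProcessName }
        }
    }
}

function Start-TcpConnectionLog {
    # Polls for -Iterations rounds (0 = forever) and appends one line per event to -LogFile.
    param(
        [string]$LogFile = "$env:TEMP\tcp-connections.log",
        [int]$IntervalSeconds = 2,
        [int]$Iterations = 30
    )
    $previous = @(Get-TcpSnapshot)
    $round = 0
    while ($Iterations -eq 0 -or $round -lt $Iterations) {
        Start-Sleep -Seconds $IntervalSeconds
        $current = @(Get-TcpSnapshot)
        Compare-TcpSnapshot -Previous $previous -Current $current | ForEach-Object {
            $line = '{0:yyyy-MM-dd HH:mm:ss} {1,-6} {2} -> {3} pid={4} {5}' -f $_.Time, $_.Event, $_.Local, $_.Remote, $_.Pid, $_.Process
            Add-Content -Path $LogFile -Value $line
            Write-Output $line
        }
        $previous = $current
        $round++
    }
}

# Example: log for about a minute at a 2-second interval
Start-TcpConnectionLog -IntervalSeconds 2 -Iterations 30
```

If you need every connection, including ones that last milliseconds, use an event-driven source such as the firewall's own "Log successful connections" setting from the steps above rather than a polling snapshot.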

