Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use the Windows Firewall log file to monitor TCP and UDP connections and packets that are blocked by Windows Firewall. The log file provides source and destination IP addresses, port numbers, and protocols. For more information about log file structure, including descriptions of each log file parameter, see the section titled "Windows Firewall Tools and Settings" in the Windows Firewall Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=42729).
By default, the log file is disabled, which means that no information is written to the log file. To use the log file, you must enable the logging of dropped packets, successful connections, or both. You can also configure other log file settings, including the name, location, and maximum size of the log file.
When to perform this task
Enable the Windows Firewall log file when you need to troubleshoot a Windows Firewall problem or you need to temporarily monitor Windows Firewall behavior.
Task requirements
No special tools are required to complete this task.
Task procedures
To complete this task, use the following procedures:
Best Practices for Monitoring Windows Firewall
Using the Security Log