Using the Windows Firewall Log
Updated: March 28, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use the Windows Firewall log file to monitor TCP and UDP connections and packets that are blocked by Windows Firewall. The log file provides source and destination IP addresses, port numbers, and protocols. For more information about log file structure, including descriptions of each log file parameter, see the section titled "Windows Firewall Tools and Settings" in the Windows Firewall Technical Reference on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=42729).
By default, the log file is disabled, which means that no information is written to the log file. To use the log file, you must enable the logging of dropped packets, successful connections, or both. You can also configure other log file settings, including the name, location, and maximum size of the log file.
When to perform this task
Enable the Windows Firewall log file when you need to troubleshoot a Windows Firewall problem or you need to temporarily monitor Windows Firewall behavior.
No special tools are required to complete this task.
To complete this task, use the following procedures:
Enable or Disable the Windows Firewall Log
View the Windows Firewall Log File
Change the Name and Location of the Windows Firewall Log File
Change the Size of the Windows Firewall Log File