Using the Windows Firewall Log

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use the Windows Firewall log file to monitor TCP and UDP connections and packets that are blocked by Windows Firewall. The log file provides source and destination IP addresses, port numbers, and protocols. For more information about log file structure, including descriptions of each log file parameter, see the section titled "Windows Firewall Tools and Settings" in the Windows Firewall Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=42729).

By default, the log file is disabled, which means that no information is written to the log file. To use the log file, you must enable the logging of dropped packets, successful connections, or both. You can also configure other log file settings, including the name, location, and maximum size of the log file.
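Once logging of dropped packets and successful connections is enabled, the log can be summarized with a short script. The following is an added example, not Microsoft code: it parses a constructed sample and counts dropped packets by source address, protocol, and destination port. The 16-column `#Fields` layout in the sample and the function names `parse_firewall_log` and `summarize_drops` are assumptions made for illustration; the parser reads column names from the `#Fields` header, so it follows whatever layout the file declares.

```python
from collections import Counter

# Constructed sample; the 16-column #Fields layout is an assumption about this log version.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-04-11 08:05:57 DROP UDP 192.0.2.10 192.0.2.255 137 137 78 - - - - - - -
2005-04-11 08:06:02 DROP TCP 198.51.100.7 192.0.2.20 4312 445 48 S 1180245926 0 64240 - - -
2005-04-11 08:06:05 OPEN TCP 192.0.2.20 203.0.113.5 1045 80 - - - - - - - -
2005-04-11 08:06:09 DROP TCP 198.51.100.7 192.0.2.20 4313 445 48 S 1180245999 0 64240 - - -
2005-04-11 08:06:11 DROP ICMP 198.51.100.9 192.0.2.20 - - 60 - - - - 8 0 -
2005-04-11 08:06:30 CLOSE TCP 192.0.2.20 203.0.113.5 1045 80 - - - - - - - -
2005-04-11 08:06:3
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            # A record cut short (for example at the size limit) has too few columns; skip it.
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def summarize_drops(records):
    """Count dropped packets per (source IP, protocol, destination port)."""
    drops = Counter()
    for rec in records:
        if rec["action"] == "DROP":
            drops[(rec["src-ip"], rec["protocol"], rec["dst-port"])] += 1
    return drops

if __name__ == "__main__":
    summary = summarize_drops(parse_firewall_log(SAMPLE_LOG))
    for (src, proto, port), count in summary.most_common():
        print(f"{count:3d} dropped  {proto:<4} from {src} to port {port}")
```
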

When to perform this task

Enable the Windows Firewall log file when you need to troubleshoot a Windows Firewall problem or you need to temporarily monitor Windows Firewall behavior.

Task requirements

No special tools are required to complete this task.

Task procedures

To complete this task, use the following procedures:

See Also

Concepts

Best Practices for Monitoring Windows Firewall
Using the Security Log