Customize Logging Settings for a Firewall Profile
Applies To: Windows Server 2008
Logging options
Windows Firewall with Advanced Security can be configured to log events that indicate the successes and failures of processes. The logging settings involve two groups of settings: settings for the log file itself and settings that determine which events the file will record.
You can specify where the log file will be created (or you can use an existing file), how big the file can grow, and whether you want the log file to record information about dropped packets, successful connections, or both.
Note
When the size limit is reached, Windows Firewall with Advanced Security closes the log file and renames it by adding ".old" to the end of the file name. It then creates and uses a new log file that has the original log file name.
Log dropped packets
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log will detail why and when the packet was dropped.
Log successful connections
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log will detail why and when the connection was formed.