Information Technology Reference
In-Depth Information
5.
In the Logging Options section, place a check mark next to one or both of the following
settings:
Log dropped packets
Log successful connections
6.
In the Log File Options section, specify the filename and directory path of the log file in
the Name text box. Specify the maximum size of the file in the Size Limit (KB) window.
7.
Click OK when you're finished.
Using a Command-Line Interface
The following command enables Windows firewall logging for dropped packets with a maximum
file size of 8,192 bytes:
> netsh firewall set logging c:\logs\wfirewall.log droppedpackets = ENABLE
maxfilesize = 8192
Using Group Policy
Tables 3-28 and 3-29 contain the Group Policy settings that dictate whether Windows Firewall
should log firewall activity for the domain and standard profiles respectively.
Table 3-28.
Configure Firewall Logging—Domain Profile
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Domain Profile
Path
Policy name
Windows Firewall: Allow logging
Enabled
to turn on logging.
Disabled
to turn off logging.
Value
Table 3-29.
Configure Firewall Logging—Standard Profile
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Standard Profile
Path
Policy name
Windows Firewall: Allow logging
Enabled
to turn on logging.
Disabled
to turn off logging.
Value
How It Works
When you enable logging, the Windows Firewall creates a text file containing information
about any packets that it drops or accepts. By default, the file is stored as
c:\windows\
pfirewall.log
with a maximum file size of
4096
bytes (4MB). Once the file reaches its
maximum size, Windows will begin logging to a new file called
pfirewall.log.1
.
