Q: How can I generate a Windows Firewall packet log that shows all incoming network packets that are allowed and dropped by the firewall policy?

Jan De Clercq

February 14, 2011


A: You can enable Windows Firewall packet logging from the Windows Firewall with Advanced Security MMC snap-in (wf.msc). In the Overview section of the details pane of the snap-in, click Windows Firewall Properties. This will open the Windows Firewall with Advanced Security configuration box. Then, for each firewall profile type (Domain Profile, Private Profile, Public Profile), you must perform the following steps.

  • Click the tab that corresponds to the firewall profile where you want to enable logging.

  • Under Logging, click Customize to open the Customize Logging Settings box.

  • To create a log entry when Windows Firewall drops an incoming network packet, select Yes in the Log dropped packets dropdown box.

  • To create a log entry when Windows Firewall allows an inbound connection, select Yes in the Log successful connections dropdown box.

The default path for the firewall log is %windir%\system32\logfiles\firewall\pfirewall.log. The default maximum file size for the log is 4,096KB. The log file won't grow beyond this size; when it reaches its size limit, it deletes old log entries to make room for new ones. Both the default path and default maximum file size can be changed for each network profile from the Customize Logging Settings dialog box I referred to above.

You can also enable Windows Firewall packet logging using the netsh command-line tool. To enable it for all firewall profiles, use the following commands.

netsh advfirewall>set allprofiles logging allowedconnections enable
netsh advfirewall>set allprofiles logging droppedconnections enable
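
Once logging is enabled, the resulting pfirewall.log can be summarized to see which inbound packets were allowed and which were dropped. The following Python parser is an added example, not part of the original article: it reads the column names from the log's #Fields header and tallies inbound entries. The sample log lines are constructed (documentation address ranges), and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the W3C-style layout Windows Firewall writes to
# pfirewall.log (addresses are documentation ranges, not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-02-14 09:15:02 DROP TCP 203.0.113.7 192.0.2.10 51512 445 52 S 3051423 0 8192 - - - RECEIVE
2011-02-14 09:15:03 DROP TCP 203.0.113.7 192.0.2.10 51513 3389 52 S 3051999 0 8192 - - - RECEIVE
2011-02-14 09:15:09 ALLOW TCP 198.51.100.20 192.0.2.10 49822 443 0 - 0 0 0 - - - RECEIVE
2011-02-14 09:15:11 ALLOW UDP 192.0.2.10 198.51.100.53 58211 53 0 - - - - - - - SEND
2011-02-14 09:15:15 DROP ICMP 203.0.113.9 192.0.2.10 - - 84 - - - - 8 0 - RECEIVE
truncated-line-from-log-rollover
"""

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                yield dict(zip(fields, values))

def summarize_inbound(text):
    """Count inbound entries per action and dropped packets per source/port."""
    actions = Counter()
    dropped = Counter()
    for entry in parse_firewall_log(text):
        if entry.get("path") != "RECEIVE":  # keep inbound traffic only
            continue
        actions[entry["action"]] += 1
        if entry["action"] == "DROP":
            dropped[(entry["src-ip"], entry["protocol"], entry["dst-port"])] += 1
    return actions, dropped

if __name__ == "__main__":
    actions, dropped = summarize_inbound(SAMPLE_LOG)
    print("Inbound entries by action:", dict(actions))
    for (src, proto, port), count in dropped.most_common():
        print(f"DROP {count:>3}  {src:<15} {proto} dst-port {port}")
```

To run it against a real log, pass the contents of the file at the path configured in the Customize Logging Settings box to summarize_inbound in place of SAMPLE_LOG.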