Windows Firewall Logging

Published on Monday, May 24, 2010 in

One of my favorite tools when troubleshooting is Wireshark. One of its drawbacks is that you have to install it on your server. If you're not really sure whether the Windows Firewall is bothering you or not, you can enable the logging feature of the Windows Firewall. You can choose to log either dropped packets, successful connections or both.

To enable the logging feature, open the firewall configuration section in Server Manager and choose the profile for which you want to enable logging.

Enable logging for both dropped packets and successful connections.

The log file will be saved to %systemroot%\system32\logfiles\firewall\pfirewall.log

Just like when using Wireshark, some form of filtering makes the output easier to read. I like using the built-in command line utility "findstr". By executing

findstr /I "IPofServerTryingToGetIn" c:\windows\system32\logfiles\firewall\pfirewall.log

you get a nice clean summary of all dropped and successful connections. In this specific case the SQL Browser service was unreachable at UDP 1434.
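An added example (not part of the original post): a PowerShell function that goes one step past findstr by parsing pfirewall.log through its own #Fields header, matching the source IP exactly instead of as a substring, and counting entries per action, protocol and destination port. The function name Get-FirewallLogSummary, the addresses and the sample log lines are constructed for illustration.

```powershell
# Constructed sample in the pfirewall.log layout (addresses are made up for this example).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-05-24 10:15:01 DROP UDP 192.0.2.25 192.0.2.10 51234 1434 36 - - - - - - - RECEIVE
2010-05-24 10:15:02 ALLOW TCP 192.0.2.25 192.0.2.10 51240 445 0 - 0 0 0 - - - RECEIVE
2010-05-24 10:15:04 DROP UDP 192.0.2.25 192.0.2.10 51235 1434 36 - - - - - - - RECEIVE
2010-05-24 10:15:05 ALLOW TCP 192.0.2.250 192.0.2.10 49900 3389 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"

function Get-FirewallLogSummary {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Lines,
        [Parameter(Mandatory = $true)] [string]   $SourceIp
    )
    # Column names are read from the log's own "#Fields:" header, so the parser
    # follows the file rather than a hard-coded layout.
    $header = $Lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $header) { throw 'No #Fields: header found; is this a pfirewall.log?' }
    $fields = ($header -replace '^#Fields:\s*', '') -split '\s+'

    # Skip blank and comment lines, turn each entry into an object, keep only exact
    # src-ip matches (192.0.2.25 does not match 192.0.2.250), then count per group.
    $Lines |
        Where-Object { $_.Trim() -and $_ -notlike '#*' } |
        ForEach-Object {
            $values = $_.Trim() -split '\s+'
            $row = @{}
            for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
                $row[$fields[$i]] = $values[$i]
            }
            New-Object PSObject -Property $row
        } |
        Where-Object { $_.'src-ip' -eq $SourceIp } |
        Group-Object action, protocol, 'dst-port' |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-FirewallLogSummary -Lines $sample -SourceIp '192.0.2.25'
# Against the live log (path from the post), from an elevated prompt:
# Get-FirewallLogSummary -Lines (Get-Content "$env:SystemRoot\system32\logfiles\firewall\pfirewall.log") -SourceIp '192.0.2.25'
```

Repeated DROP entries for one protocol and destination port, such as UDP 1434 in the sample, point at the rule that is missing.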
