Windows Firewall Logs

Troubleshooting network problems can be quite daunting at times and a recommended good practice when troubleshooting Windows Firewalls is to enable the native logs. If you need to verify whether a firewall rule is blocking or allowing traffic, you should enable logging, re-create the problem and then examine the log files. By default, Windows Firewall saves log entries in %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log. It stores the last 4 KB of data and to enable it follow these steps:

  1. Open Network and Sharing Center, click Windows Firewall and then click Advanced settings
  2. In the Windows Firewall with Advanced Security snap-in, right click Windows Firewall with Advanced Security and select Properties
  3. In the Windows Firewall with Advanced Security on Local Computer Properties window, select the Domain Profile, Private Profile or Public Profile tab.
  4. In the Logging group, click the Customize… button.
  5. In the Customize Logging Settings for …. Window, select Yes from the Log dropped packets: and Log successful connections: drop down lists.
  6. Click OK

Remember, in a production environment this log will be almost constantly written to, which can cause a performance impact. So, I do recommend you to disable logging when you’re pleased with information collected and there’s no need for further testing.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top