Tracking Firewall Activity with a Windows 8 Firewall Log

The Windows Firewall has developed into a very effective firewall product that not only stands between you and intruders, protecting you from attack, but also lets you keep track of intrusion attempts. With this information, you can find out whether your PC has been targeted and what kinds of attacks the firewall has blocked.

This article shows you how to turn on this tracking feature to keep a much more detailed log, and how to access it.

To create a Windows Firewall log

First, open Windows 8's Windows Firewall with Advanced Security. Press Win+R, type wf.msc, and press Enter. The window opens.

Then click the Properties link on the right side of the screen. The following dialog box appears.

Windows Firewall with Advanced Security on Local Computer Properties

Click the Customize… button in the Logging section. In the dialog box that pops up, specify where you want to save the log file, the maximum log size, and whether to log dropped packets and successful connections. Dropped packets are network traffic that has been blocked by Windows Firewall. A successful connection refers to both incoming connections and any connections you have made out to the Internet. I selected “Yes” on both options in this case.

Customize Logging Settings for the Domain Profile

Repeat this step on the Public Profile tab and the Private Profile tab so that the same logging settings are in place for all 3 types of firewall profiles.

To access the log file

Go back to the main Windows Firewall with Advanced Security window. Click Monitoring in the left panel, locate the Logging Settings section in the middle panel, and click the file link for the log file.


The log opens in Notepad automatically. It may look like gibberish, but it contains a lot of useful information. Each log entry has up to 16 pieces of information, but the most useful are the first eight columns: Date, Time, Action, Protocol, Source IP, Destination IP, Source Port, and Destination Port.
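To read those first eight columns without scanning the file by eye, here is a small parser that tallies dropped packets by source address and destination port. It is an added example, not part of the original article; the sample log lines and the function names are constructed for illustration, and the addresses come from documentation ranges.

```python
from collections import Counter, namedtuple

# The eight leading columns the article names, in the order they appear in the log.
Entry = namedtuple("Entry", "date time action protocol src_ip dst_ip src_port dst_port")

# Constructed sample in the log's space-separated layout (16 columns per entry).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall

2013-06-13 06:40:01 DROP TCP 203.0.113.7 192.168.1.20 51515 3389 52 S 1234 0 8192 - - -
2013-06-13 06:40:02 DROP TCP 203.0.113.7 192.168.1.20 51516 3389 52 S 1235 0 8192 - - -
2013-06-13 06:40:09 DROP TCP 198.51.100.23 192.168.1.20 40022 445 52 S 777 0 8192 - - -
2013-06-13 06:41:15 ALLOW UDP 192.168.1.20 192.168.1.1 53211 53 0 - - - - - - -
2013-06-13 06:41:30 DROP ICMP 203.0.113.7 192.168.1.20 - - 60 - - - - 8 0 -
2013-06-13 06:42:00 DROP
"""

def parse_log(text):
    """Return an Entry for every well-formed line; skip headers and truncated lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or header comment
        fields = line.split()
        if len(fields) < 8:
            continue  # entry cut off mid-write, e.g. when the log hit its size limit
        entries.append(Entry(*fields[:8]))
    return entries

def summarize_drops(entries, top=3):
    """Count blocked traffic by source IP and by (protocol, destination port)."""
    drops = [e for e in entries if e.action == "DROP"]
    by_source = Counter(e.src_ip for e in drops)
    by_port = Counter((e.protocol, e.dst_port) for e in drops)  # ICMP shows "-" as port
    return by_source.most_common(top), by_port.most_common(top)

if __name__ == "__main__":
    sources, ports = summarize_drops(parse_log(SAMPLE_LOG))
    for ip, count in sources:
        print(f"{count:3d} dropped packets from {ip}")
    for (proto, port), count in ports:
        print(f"{count:3d} dropped packets to {proto}/{port}")
```

To run it against a real log, read the file whose path is shown under Logging Settings and pass its contents to parse_log in place of SAMPLE_LOG.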


Conclusion

It may not be necessary to check the log file every day if your PC is behind a router, but it is still a good idea to turn logging on and review the log once in a while to make sure your computer is in a safe zone.

The title of this post says for Windows 8 but it should work the same for Windows 7 computers as well.

Kent Chen

Microsoft MVP, IT Professional, Developer, Geek, and the co-founder of Next of Windows.

Last updated: 08/04/2014
