What are Windows Firewall Logs?
Windows Firewall logs contain information about allowed and blocked attempts to communicate with your computer through the firewall. If you’re troubleshooting a connection problem or trying to find out whether someone’s trying to break into your computer, examining these logs can be helpful.
Where are Windows Firewall Logs?
Windows Firewall logs are stored in the %WINDIR%\system32\Logfiles\Firewall directory.
If you’re not sure where that is, you can open up File Explorer and type “%WINDIR%\system32\Logfiles\Firewall” into the address bar. That will take you right to the folder.
How to View Windows Firewall Logs?
Via Control Panel
Windows Firewall logs can be viewed using the Event Viewer tool.
- To access the Event Viewer, open the Control Panel and navigate to System and Security > Administrative Tools > Event Viewer.
- Once in the Event Viewer, expand the Windows Logs folder and select the Security log.
- The Security log will contain all of the events that have been logged by the Windows Firewall.
Via Run Program
1. Open Event Viewer
To open Event Viewer, press the Windows key + R, type eventvwr, and press Enter.
2. Expand the Windows Logs Folder
Once the Event Viewer is open, expand the Windows Logs folder. This folder contains all of the logs for events that have occurred on your computer, including the firewall logs.
3. Select Security Log
Within the Windows Logs folder, select the Security log. This log contains all of the events related to security, including those related to the firewall.
4. Filter Events
You can use the Filter Current Log option to filter the events that are displayed in the security log.
- For example, you can filter by Event ID, which will only display events with a specific ID number.
- Alternatively, you can filter by Source, which will only display events from a specific source. In this case, you would want to filter by Source=” Microsoft-Windows-Security-Auditing” to only display firewall-related events.
5. View Events
Once you have filtered the security log to only display firewall-related events, you can then view the details of each event by double-clicking it. The details of each event will include information such as when it occurred, what action was taken (e.g., allow or block), and which program or process was affected.
I’m using the app Firewall Log Viewer for Windows to analyse log files