Windows Firewall Logging File

Windows Firewall Logging File

The Pfirewall.log file, stored by default in your main Windows folder, records either discarded incoming requests or successful connections based on the Security Logging settings on the Advanced tab in the Windows Firewall component of Control Panel or through the Windows Firewall: Allow logging Group Policy setting. You can use the contents of the Pfirewall.log file to determine whether traffic is reaching the computer on which Windows Firewall is enabled without having to create an exception or enable ICMP traffic.

For example, when you select the Log dropped packets check box, all incoming traffic that is discarded by the firewall is logged in the Pfirewall.log file. You can view this file by double-clicking it in your main Windows folder with Windows Explorer. Use the contents of the log file to determine whether traffic reached your computer and was discarded by Windows Firewall.

Here is an example of the contents of the Pfirewall.log file:

#Version: 1.5

#Software: Microsoft Windows Firewall

#Time Format: Local

#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2004-07-08 15:22:31 DROP UDP 159.60.138.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE

2004-07-08 15:22:34 DROP UDP 159.60.138.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE

2004-07-08 15:22:35 DROP UDP 159.60.138.134 239.255.255.250 3507 1900 161 - - - - - - - RECEIVE

2004-07-08 15:22:37 DROP UDP 159.60.138.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE

2004-07-08 15:22:37 DROP UDP 159.60.136.211 239.255.255.250 4274 1900 161 - - - - - - - RECEIVE

2004-07-08 15:22:38 DROP UDP 159.60.138.134 239.255.255.250 3507 1900 161 - - - - - - - RECEIVE

2004-07-08 15:22:38 DROP UDP 192.168.0.1 239.255.255.250 1900 1900 280 - - - - - - - RECEIVE

You can also use the contents of the Pfirewall.log file to determine whether a malicious Internet user has scanned your computer.