Appendix 15. View Logs

Source: Internet
Author: User



5.1 Enabling logging for a profile

By default, Windows Firewall does not log events; you must enable logging manually.

First, open the Properties window of Windows Firewall with Advanced Security on the local computer.



Select the tab for the firewall profile for which you want to configure logging, and in the Logging area, click Customize to open the log settings window for that profile.



The log settings have several options:

(1) Name

Enter the path and name of the file where you want Windows firewall to write its log information.

If you want to configure a Group Policy object (GPO) that will be deployed to multiple computers, use the available environment variables (such as %windir%) to make sure that the location is correct for each computer on the network.

If you specify a location other than the default value, you must make sure that the Windows Firewall service has permission to write to that location.


(2) Size limit

Specifies the maximum size to which the log file can grow. The value must be between 1 and 32,767 kilobytes (KB).

When the specified size limit is reached, Windows Firewall with Advanced Security closes the log file and renames it by adding ".old" to the end of the file name. It then creates and uses a new log file with the original log file name. Only two files are kept at a time. If the second file reaches the maximum size, it is renamed by adding ".old", and the previous ".old" file is discarded.


(3) Types of records

Specifying only the file location does not start logging. You must also select one of the two check boxes that are used to record dropped packets or successful connections.

Use the Log dropped packets option to write a log entry when Windows Firewall with Advanced Security drops an inbound packet for any reason. The log records the reason and time that the packet was dropped. Look for entries with the word DROP in the action column of the log.

Use the Log successful connections option to write a log entry when Windows Firewall with Advanced Security allows an inbound connection. The log records the reason and time that the connection was established. Look for entries with the word ALLOW in the action column of the log.



5.2 Viewing the log for a profile

The following example log records several inbound packets being dropped.

#Version: 1.5

#Software: Microsoft Windows Firewall

#Time Format: Local

#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path


2015-06-21 16:18:13 DROP ICMP 192.168.2.1 192.168.2.123-----8 0-receive

2015-06-21 16:18:17 DROP ICMP 192.168.2.1 192.168.2.123-----8 0-receive

2015-06-21 16:18:22 DROP ICMP 192.168.2.1 192.168.2.123-----8 0-receive

2015-06-21 16:18:27 DROP ICMP 192.168.2.1 192.168.2.123-----8 0-receive

2015-06-21 20:03:26 DROP TCP 192.168.2.1 192.168.2.123 64728 1433 0 2379454234--RECEIVE

2015-06-21 20:03:29 DROP TCP 192.168.2.1 192.168.2.123 64728 1433 0 2379454234--RECEIVE


In the records above, the first 4 packets are pings from the remote computer (IP address: 192.168.2.1); they are dropped because there is no matching inbound rule. The last 2 packets, which are requests from the remote computer to the local SQL Server default instance (TCP port 1433), are also dropped.
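The same reading of the log can be automated. The following is an added example, not part of the original article: it parses the log using the names on the #Fields line and counts dropped inbound packets per source and service. The function names are hypothetical, and the sample records are constructed with all 17 fields filled in.

```python
from collections import Counter

# Constructed sample in the firewall log layout (all 17 fields present);
# sizes, TCP values and the ALLOW record are illustrative, not from the article.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-06-21 16:18:13 DROP ICMP 192.168.2.1 192.168.2.123 - - 60 - - - - 8 0 - RECEIVE
2015-06-21 16:18:17 DROP ICMP 192.168.2.1 192.168.2.123 - - 60 - - - - 8 0 - RECEIVE
2015-06-21 20:03:26 DROP TCP 192.168.2.1 192.168.2.123 64728 1433 52 S 2379454234 0 8192 - - - RECEIVE
2015-06-21 20:03:29 DROP TCP 192.168.2.1 192.168.2.123 64728 1433 52 S 2379454234 0 8192 - - - RECEIVE
2015-06-21 20:05:02 ALLOW TCP 192.168.2.7 192.168.2.123 50112 3389 0 - 0 0 0 - - - RECEIVE
2015-06-21 20:05:40 DROP TCP 192.168.2.1
"""

def parse_firewall_log(text):
    """Return (records, skipped); each record is a dict keyed by the #Fields names."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("#fields:"):
            fields = line.split(":", 1)[1].split()
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            skipped += 1  # truncated or malformed record: count it, do not guess
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped

def summarize_drops(records):
    """Count dropped inbound packets per (source IP, protocol, service)."""
    counts = Counter()
    for r in records:
        if r["action"] != "DROP" or r["path"] != "RECEIVE":
            continue
        # ICMP carries no ports, so key on type/code instead of dst-port.
        service = f"type {r['icmptype']} code {r['icmpcode']}" if r["protocol"] == "ICMP" else f"port {r['dst-port']}"
        counts[(r["src-ip"], r["protocol"], service)] += 1
    return counts

if __name__ == "__main__":
    recs, bad = parse_firewall_log(SAMPLE_LOG)
    for (src, proto, svc), n in summarize_drops(recs).most_common():
        print(f"{n:3d}  {src:15s} {proto:4s} {svc}")
    print(f"skipped {bad} malformed line(s)")
```

Records whose field count does not match the #Fields header are counted as skipped rather than parsed, so a log file cut off mid-write or damaged in transfer does not shift values into the wrong columns.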



This article is from the "SQLServer2014 series" blog; reprinting is declined.
