Using the Security Log
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use the security log to track Windows Firewall events. The security log provides information about Windows Firewall activity, such as changes to Windows Firewall settings, Windows Firewall startup status, and notifications sent when programs and system services attempt to listen for incoming traffic and are blocked. For more information about the specific events that are written to the security log, see the section titled "Windows Firewall Tools and Settings" in the Windows Firewall Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=42729).
By default, Windows Firewall events are not written to the security log. You must enable auditing in Group Policy to use the security log to track Windows Firewall events.
When to perform this task
You should enable the auditing of Windows Firewall events when you turn on Windows Firewall for the first time, when you need to troubleshoot Windows Firewall problems, or when you need to temporarily monitor Windows Firewall behavior.
Task requirements
No special tools are required to complete this task.
Task procedures
To complete this task, use the following procedures:
See Also
Concepts
Using the Windows Firewall Log Best Practices for Monitoring Windows Firewall