I don't see an easy way to monitor Windows Firewall logs... You support some hardware firewalls, but not Windows? It would be nice if PRTG could natively monitor the Windows Firewall logs and display some of the same issues you would with a hardware firewall.


Article Comments

Hi there,

I am quite unsure what logs you want to monitor on a Windows Firewall, or which hardware issues, as the Firewall of Windows is only software based. Could you explain the metrics you want to monitor a little more extensively?

Best regards.


Jan, 2018 - Permalink

I want to monitor the same metrics as if Windows Firewall was a hardware firewall... The metrics would be traffic related, not hardware related... Like firewall status (on, off), blocked requests. I'm most interested in blocked requests. But similar stats as this tool offers: http://www.zedlan.com/win_firewall_log_analyser.php


Jan, 2018 - Permalink

Here is an example of the Windows Firewall log.

```
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2018-01-13 21:26:45 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:01 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:17 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
```


Jan, 2018 - Permalink

Hello there,

What the tool basically does is retrieve the details from the firewall log file, which needs to be enabled first, see also section "How do I use WinFirewallLogAnalyser?" here.

None of PRTG's built-in sensors will be able to dissect this particular data and aggregate it the way you need it. You can use a File Content Sensor to look for particular entries in this log though, but it's not capable of performing further calculations on the data and the like. Everything else would mean creating a custom script that processes the data and returns some metrics back to PRTG, but we have no "script template" for this particular task.

Kind regards,

Erhard


Jan, 2018 - Permalink
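An added example, not from the thread or from Paessler: a Python script of the kind the last reply describes, which parses the log layout posted above and prints the JSON result object that PRTG's advanced custom script sensors read. The sample log, channel names and function names are constructed for illustration; a deployed sensor would read the host's enabled firewall log file instead of `SAMPLE_LOG`.

```python
import json
from collections import Counter
# Constructed sample in the log layout posted in the thread (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-01-13 21:26:45 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:01 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:05 DROP TCP 192.168.14.7 192.168.14.1 51512 445 52 S 1234 0 8192 - - - RECEIVE
2018-01-13 21:27:09 ALLOW UDP 192.168.14.1 192.168.14.2 55000 53 0 - - - - - - - SEND
2018-01-13 21:27:17 DROP IC
"""

def parse_log(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                yield dict(zip(fields, values))

def summarize(records):
    """Count records per action, and DROP records per protocol and source IP."""
    actions, drop_proto, drop_src = Counter(), Counter(), Counter()
    for r in records:
        actions[r["action"]] += 1
        if r["action"] == "DROP":
            drop_proto[r["protocol"]] += 1
            drop_src[r["src-ip"]] += 1
    return actions, drop_proto, drop_src

def prtg_result(text):
    """Build the JSON object a PRTG advanced custom sensor prints to stdout."""
    actions, drop_proto, drop_src = summarize(parse_log(text))
    channels = [{"channel": "Dropped packets", "value": actions["DROP"]},
                {"channel": "Allowed packets", "value": actions["ALLOW"]}]
    channels += [{"channel": f"Dropped {p}", "value": n}
                 for p, n in sorted(drop_proto.items())]
    top = drop_src.most_common(1)
    msg = f"Top dropped source: {top[0][0]} ({top[0][1]})" if top else "No drops"
    return {"prtg": {"result": channels, "text": msg}}

if __name__ == "__main__":
    print(json.dumps(prtg_result(SAMPLE_LOG)))
```

The counts are totals over whatever log content is passed in, so a sensor that needs per-interval numbers has to track its last read position between runs.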