Monitor Windows Firewall logs

I don't see an easy way to monitor Windows Firewall logs... You support some hardware firewalls, but not Windows? It would be nice if PRTG could natively monitor the Windows Firewall logs and display some of the same issues you would with a hardware firewall.

firewall logs windows

Created on Jan 8, 2018 3:10:20 AM by  pir8radio (170) 2 1



4 Replies

Hi there,

I am quite unsure which logs you want to monitor on a Windows Firewall, or which hardware issues, as the Windows Firewall is only software-based. Could you explain the metrics you want to monitor a little more extensively?

Best regards.

Created on Jan 8, 2018 12:03:58 PM by  Dariusz Gorka [Paessler Support]



I want to monitor the same metrics as if Windows Firewall was a hardware firewall... The metrics would be traffic related, not hardware related... Like firewall status (on, off), blocked requests. I'm most interested in blocked requests. But similar stats as this tool offers: http://www.zedlan.com/win_firewall_log_analyser.php

Created on Jan 14, 2018 1:59:00 AM by  pir8radio (170) 2 1



Here is an example of the windows firewall log.

#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2018-01-13 21:26:45 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:01 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:17 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE

Created on Jan 14, 2018 3:34:45 AM by  pir8radio (170) 2 1



Hello there,

What the tool basically does is retrieve the details from the firewall log file, which needs to be enabled first; see also the section "How do I use WinFirewallLogAnalyser?" here.

None of PRTG's built-in sensors will be able to dissect this data in particular and aggregate it the way you need it. You can use a File Content Sensor to look for particular entries in this log, though, but it's not capable of performing further calculations on the data and the like. Everything else would mean creating a custom script that processes the data and returns some metrics back to PRTG, but we have no "script template" for this particular task.

Kind regards,

Erhard

Created on Jan 15, 2018 11:23:21 AM by  Erhard Mikulik [Paessler Support]
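
The custom-script route described in the last reply, as an added example (not code from Paessler or from anyone in the thread): a Python parser for the log layout quoted above that counts dropped and allowed packets and builds a JSON result for a custom script sensor. The sample log lines are constructed, the channel names are assumptions, and the `{"prtg": {"result": [...]}}` shape is assumed from PRTG's custom sensor JSON format.

```python
import json
from collections import Counter
# Constructed sample in the pfirewall.log layout quoted in the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-01-13 21:26:45 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:01 DROP ICMP 192.168.14.2 192.168.14.1 - - 68 - - - - 0 0 - RECEIVE
2018-01-13 21:27:05 ALLOW TCP 192.168.14.1 192.168.14.9 49152 443 0 - 0 0 0 - - - SEND
2018-01-13 21:27:17 DROP TCP 192.168.14.7 192.168.14.1 51000 3389 52 S 1 0 8192 - - - RECEIVE
truncated line written mid-rotation
"""

def parse_firewall_log(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):  # skip blank/truncated rows
                yield dict(zip(fields, parts))

def summarize(records):
    """Count actions, plus inbound drops per source IP and destination port."""
    actions, drop_sources, drop_ports = Counter(), Counter(), Counter()
    for r in records:
        actions[r["action"]] += 1
        if r["action"] == "DROP" and r["path"] == "RECEIVE":
            drop_sources[r["src-ip"]] += 1
            if r["dst-port"] != "-":  # ICMP rows carry no port
                drop_ports[r["dst-port"]] += 1
    return actions, drop_sources, drop_ports

def prtg_result(text):
    """Build the JSON document the script prints for PRTG (channel names assumed)."""
    actions, sources, ports = summarize(parse_firewall_log(text))
    channels = [
        {"channel": "Dropped packets", "value": actions["DROP"]},
        {"channel": "Allowed packets", "value": actions["ALLOW"]},
        {"channel": "Distinct blocked sources", "value": len(sources)},
        {"channel": "Distinct blocked ports", "value": len(ports)},
    ]
    top = ", ".join(f"{ip} ({n})" for ip, n in sources.most_common(3))
    return {"prtg": {"result": channels, "text": f"Top blocked sources: {top or 'none'}"}}

if __name__ == "__main__":
    print(json.dumps(prtg_result(SAMPLE_LOG)))
```

In practice the script would read the log file configured in the Windows Firewall logging settings instead of `SAMPLE_LOG`, and would need to track the last read position if per-interval counts rather than whole-file totals are wanted.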


