In my previous blog (https://paularquette.com/windows-server-firewall-logging-via-gpo-log-file-not-created/) I mentioned that simply turning on Group Policy for the Windows Firewall doesn’t actually create the firewall logs.
To force creation of the Windows Firewall logs on servers that are already out in the wild, I have created a batch script that can be run in Group Policy as a startup script.
The script is located on my GitHub, but I've listed it here as well because it is a small script. For the latest updates, though, please visit GitHub, as it is unlikely I will individually update this blog post.
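rem Batch Script to Create Firewall Log Files
rem Written By: Paul Arquette
rem Last Modified: Oct 24, 2022
rem Last Modified For: Github

rem Only configure logging if the log file does not exist yet.
rem The check uses %systemroot% so it matches the path passed to netsh below.
if exist "%systemroot%\System32\LogFiles\firewall\pfirewall.log" (
    echo file exists
) else (
    rem Setting the log file name on all profiles is what creates pfirewall.log.
    netsh advfirewall set allprofiles logging filename "%systemroot%\System32\LogFiles\firewall\pfirewall.log"
    rem Maximum log size in KB.
    netsh advfirewall set allprofiles logging maxfilesize 32767
    rem Log both dropped and allowed connections.
    netsh advfirewall set allprofiles logging droppedconnections enable
    netsh advfirewall set allprofiles logging allowedconnections enable
)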
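To confirm the startup script took effect on a server, the following PowerShell check reads the effective firewall logging settings for each profile and verifies that the log file exists. It is an added example, not part of the original script or the author's GitHub repository; it assumes an elevated session on the server and takes its expected values (32767 KB, allowed and dropped connections logged) from the batch script above.

```powershell
# Added example: audit effective Windows Firewall logging settings per profile.
# Expected values mirror the batch script above (assumption: that script is the baseline).
$expectedMaxKb = 32767

# ActiveStore returns the settings actually in effect (local settings merged with GPO).
$results = foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    # LogFileName may contain %systemroot%, so expand it before testing the path.
    $path = $null
    $exists = $false
    if (-not [string]::IsNullOrEmpty($fwProfile.LogFileName)) {
        $path = [Environment]::ExpandEnvironmentVariables($fwProfile.LogFileName)
        $exists = Test-Path -LiteralPath $path -PathType Leaf
    }

    [pscustomobject]@{
        Profile    = $fwProfile.Name
        LogFile    = $path
        FileExists = $exists
        LogAllowed = ($fwProfile.LogAllowed -eq 'True')
        LogBlocked = ($fwProfile.LogBlocked -eq 'True')
        MaxSizeKB  = $fwProfile.LogMaxSizeKilobytes
        SizeOk     = ($fwProfile.LogMaxSizeKilobytes -eq $expectedMaxKb)
    }
}

$results | Format-Table -AutoSize

# Flag any profile where logging is incomplete or the log file is still missing.
$failed = $results | Where-Object {
    -not ($_.FileExists -and $_.LogAllowed -and $_.LogBlocked -and $_.SizeOk)
}

if ($failed) {
    Write-Warning ("Firewall logging is not fully configured for: " +
        (($failed.Profile) -join ', '))
    exit 1
}

Write-Output 'Firewall logging is enabled and the log file exists for all profiles.'
```

A non-zero exit code makes the check usable from a scheduled task or monitoring agent to spot servers where the log file was never created.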