Query your Windows Firewall?


I have been sitting and looking at built-in Windows Firewall logs for a while and I have not found any funny way of looking at these, so I just created a PowerShell script that will transform your firewall log into XML.

Why? So instead of looking at the log like this
image

You can easily transform it into a table that you can query and sort the way you like.

Run the command
image

View all traffic that has been allowed by using this command:
$xml.fwlog.traffic | Where-Object {$_.action -match "ALLOW" } | ft

image

Or all ALLOWed traffic where destination IP = 10.100.100.100, source IP = 10.100.100.250

image

Or if you want to save it to a file, just run $xml.Save("C:\Temp\filewall.xml") and you can view it in your favorite application.

These are just some examples; there are endless ways to query the log.
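
The transformation and the source/destination query described above, as an added example that is not the FirewallLog2XML script from this post. It assumes attribute names taken from the log's own #Fields header (so src-ip and dst-ip), a hypothetical function name ConvertTo-FirewallXml, and constructed sample log lines.

```powershell
# Added example, not the FirewallLog2XML script. The sample log lines are constructed.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:00:01 ALLOW TCP 10.100.100.250 10.100.100.100 49712 443 0 - 0 0 0 - - - SEND
2024-01-15 10:00:02 DROP UDP 10.100.100.77 10.100.100.255 137 137 78 - - - - - - - RECEIVE
2024-01-15 10:00:05 ALLOW UDP 10.100.100.250 10.100.100.1 53411 53 0 - - - - - - - SEND
'@ -split "`r?`n"

function ConvertTo-FirewallXml {
    # Hypothetical helper: builds <fwlog><traffic .../></fwlog> from firewall log lines.
    param([string[]]$Line)

    $doc    = New-Object System.Xml.XmlDocument
    $root   = $doc.AppendChild($doc.CreateElement('fwlog'))
    $fields = @()

    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            # Column names come from the log's own header, so extra columns still map.
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and anything before the header.
        if ($l -match '^\s*(#|$)' -or $fields.Count -eq 0) { continue }

        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # skip truncated lines

        $entry = $root.AppendChild($doc.CreateElement('traffic'))
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $entry.SetAttribute($fields[$i], $values[$i])
        }
    }
    return $doc
}

$xml = ConvertTo-FirewallXml -Line $sampleLog
# For a real log (elevated prompt): -Line (Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")

# ALLOWed traffic from 10.100.100.250 to 10.100.100.100; hyphenated names must be quoted.
$xml.fwlog.traffic |
    Where-Object { $_.action -eq 'ALLOW' -and $_.'src-ip' -eq '10.100.100.250' -and $_.'dst-ip' -eq '10.100.100.100' } |
    Format-Table date, time, protocol, 'src-ip', 'dst-ip', 'dst-port', path
```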

Just download the PowerShell script and start your firewall investigations!

FirewallLog2XML.zip
