none
Windows Firewall not logging...... RRS feed

  • Question

  • Hi! I have Windows 2012R2 and I have the firewall set to log (some machines locally, some via GPO). Regardless of how its set, I notice that when the log reached the max size of 4096kb and rolls over, it stops logging. 

    I see the pfirewall.log.old at the max size, and the pfirewall.log file at 0kb. 

    Any ideas? 

    If I reboot it starts to log again, until it hits the max file size. 

    Tuesday, June 14, 2016 3:43 PM

Answers

  • Found this and applied it....

    https://blogs.technet.microsoft.com/supportingwindows/2016/05/24/fix-firewall-service-freezes-and-crashes-if-the-firewall-logging-is-enabled-in-windows-8-1-or-windows-server-2012-r2/

    Still having the same issue. 

    • Edited by Actif2009 Monday, June 20, 2016 6:34 PM
    • Marked as answer by Actif2009 Tuesday, June 21, 2016 1:18 PM
    Monday, June 20, 2016 5:01 PM
  • I accidentally applied the wrong rollup, I applied the rollup mentioned above and it seems to work fine now. I guess it boiled down to...

    https://support.microsoft.com/en-us/kb/3155768

    • Marked as answer by Actif2009 Tuesday, June 21, 2016 1:18 PM
    Tuesday, June 21, 2016 1:18 PM

All replies

  • Hi,

    Thanks for your post.

    Under ordinary conditions, when the firewall log reaches its maximum size, the old one is saved as "pfirewall.log.old" and a new one is created. When the next log reaches its max size, then the "pfirewall.log.old " is actually overwritten.

    1. Regarding your issue, have you tried deleting the two logs and letting it re-create?

    2. The location you specify must have permissions assigned that permit the Windows Firewall service to write to the log file. Please check the location or change a location to have a test.

    3. Try to change the maximum size to have a test.

    Configure the Windows Firewall Log

    https://technet.microsoft.com/en-us/library/cc947815(v=ws.10).aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 15, 2016 5:31 AM
    Moderator
  • After some more research this is what I am noticing...

    The pfirewall.log rolls after at 1:40am, then I see the following system log messages right after. This is on all machines that are logging the firewall. 

    Monday, June 20, 2016 1:14 PM
  • Found this and applied it....

    https://blogs.technet.microsoft.com/supportingwindows/2016/05/24/fix-firewall-service-freezes-and-crashes-if-the-firewall-logging-is-enabled-in-windows-8-1-or-windows-server-2012-r2/

    Still having the same issue. 

    • Edited by Actif2009 Monday, June 20, 2016 6:34 PM
    • Marked as answer by Actif2009 Tuesday, June 21, 2016 1:18 PM
    Monday, June 20, 2016 5:01 PM
  • Hi,

    Please check if you have set the log retention Policy in your environment:

    Set Log Retention Policy

    https://technet.microsoft.com/en-us/library/cc721981(v=ws.11).aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 21, 2016 8:53 AM
    Moderator
  • I accidentally applied the wrong rollup, I applied the rollup mentioned above and it seems to work fine now. I guess it boiled down to...

    https://support.microsoft.com/en-us/kb/3155768

    • Marked as answer by Actif2009 Tuesday, June 21, 2016 1:18 PM
    Tuesday, June 21, 2016 1:18 PM