I have been sitting and looking at built-in Windows Firewall logs for a while and I have not found any funny way of looking at these, so I just created a PowerShell script that will transform your firewall log into XML.

Why? So that instead of reading the raw log file line by line, you can transform it into a table that you can query and sort however you like.

Run the script against your firewall log to load it into the $xml variable.

View all traffic that has been allowed by using this command:

$xml.fwlog.traffic | Where-Object {$_.action -match "ALLOW" } | ft

Or all ALLOWed traffic where the destination IP is 10.100.100.100 and the source IP is 10.100.100.250.

Or if you want to save it to a file, just run $xml.Save("C:\Temp\filewall.xml") and you can view it in your favorite application.

These are just a few examples; there are endless ways to build the query.
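As an added example (not the author's FirewallLog2XML script, whose contents are not reproduced here), the following PowerShell does the same transformation on a constructed log sample and then runs the two queries from the post; it assumes the standard Windows Firewall log header format, and the fwlog/traffic element layout and underscore field names are assumptions chosen to match the post's commands.

```powershell
# Added example, not the author's script: turn a Windows Firewall log (W3C style,
# with a #Fields header naming the columns) into XML shaped like $xml.fwlog.traffic.

# Constructed sample log, in the format Windows Firewall writes.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-10 09:15:01 ALLOW TCP 10.100.100.250 10.100.100.100 51234 445 52 S 123456 0 8192 - - - SEND
2024-01-10 09:15:02 DROP TCP 10.100.100.250 10.100.100.100 51235 3389 52 S 123457 0 8192 - - - RECEIVE
2024-01-10 09:15:03 ALLOW UDP 10.100.100.100 10.100.100.1 54000 53 70 - - - - - - - SEND
'@

function ConvertTo-FirewallLogXml {
    param([string[]]$Lines)
    $xml  = New-Object System.Xml.XmlDocument
    $root = $xml.AppendChild($xml.CreateElement('fwlog'))
    $fields = @()
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # Column names come from the header, so a changed layout still parses.
            # Hyphens become underscores so $_.src_ip works without quoting.
            $fields = ($Matches[1] -split '\s+') | ForEach-Object { $_ -replace '-', '_' }
            continue
        }
        if ($line.StartsWith('#') -or $line.Trim() -eq '' -or $fields.Count -eq 0) { continue }
        $values = $line -split '\s+'
        $entry  = $root.AppendChild($xml.CreateElement('traffic'))
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $el = $xml.CreateElement($fields[$i])
            # Short lines (older log versions have fewer columns) get empty values.
            $el.InnerText = $(if ($i -lt $values.Count) { $values[$i] } else { '' })
            [void]$entry.AppendChild($el)
        }
    }
    return $xml
}

$xml = ConvertTo-FirewallLogXml -Lines ($sampleLog -split "`r?`n")
# The post's first query: everything the firewall allowed.
$xml.fwlog.traffic | Where-Object { $_.action -eq 'ALLOW' } | Format-Table
# The post's second query: allowed traffic from 10.100.100.250 to 10.100.100.100.
$xml.fwlog.traffic |
    Where-Object { $_.action -eq 'ALLOW' -and $_.src_ip -eq '10.100.100.250' -and $_.dst_ip -eq '10.100.100.100' } |
    Format-Table date, time, protocol, src_port, dst_port, path
# Save it, as in the post, for viewing in another tool.
$xml.Save("$env:TEMP\firewall.xml")
```

To run it on a real log, replace the constructed sample with Get-Content on the pfirewall.log path.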

Just download the PowerShell script and start your firewall investigations!

FirewallLog2XML.zip
