I have been sitting and looking at built-in Windows Firewall logs for a while and I have not found any funny way of looking at these, so I just created a PowerShell script that will transform your firewall log into XML.

Why? So instead of looking at the log like this

You can easily transform it into a table where you can make queries and sort in the way you would like this

Run the command

View all traffic that has been allowed by using this command
$xml.fwlog.traffic | Where-Object {$_.action -match “ALLOW” } | ft


Or all ALLOWed traffic where destination IP =, source IP =


Or if you want to save it to a file, just hit $xml.Save(“C:\Temp\filewall.xml”) and you can view it in your favorite application.

These are just some examples, there are endless way to make the query

Just download the PowerShell script and start your firewall investigations!