Reputation:
Is there any way, with PowerShell, to set up a sort of monitoring/alert/capture for firewall activity (i.e. blocks and allows, inbound and outbound)?
Upvotes: 1
Views: 389
Reputation: 7489
I came up with a bunch of info on APIs to control the firewall, but not really to monitor it. PowerShell more broadly can use anything that .NET can, and I looked there, too. The closest option I could think of might be to enable logging and to use the log file to rig something janky up. Here's a link to how logging can be enabled:
http://blink.ucsd.edu/technology/security/firewall/windows7-a.html#4.-Enable-logging-to-view-denie
From there you will use Get-Content on the log file... and depending on what exactly you're trying to do you'll have to parse the text, maybe do some action, and then maybe log that to some other storage (XML or something) for handled events or save the last run time of your script somewhere and compare that to the date in the events in the log.
Good luck.
Upvotes: 1
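The approach described in the answer above (enable logging, read the log with Get-Content, parse it, and compare against a saved last-run time), as an added example that is not part of the original posts. The log lines are constructed samples in the firewall log's layout, and the function name ConvertFrom-FirewallLog and the state-file location are assumptions.

```powershell
# Constructed sample in the pfirewall.log layout; on a real host read the file instead, e.g.
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 51514 3389 52 S 1234567 0 64240 - - - RECEIVE
2024-05-01 10:15:09 ALLOW UDP 192.0.2.10 198.51.100.53 55012 53 0 - - - - - - - SEND
2024-05-01 10:16:40 DROP TCP 203.0.113.7 192.0.2.10 51520 445 52 S 7654321 0 64240 - - - RECEIVE
'@ -split "`r?`n"

function ConvertFrom-FirewallLog {   # hypothetical helper name
    param([string[]]$Line)
    $fields = $null
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Take column names from the log's own header so the parser follows the file.
            $fields = ($l -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if (-not $fields -or $l -match '^\s*(#|$)') { continue }   # other headers, blank lines
        $values = $l -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }          # skip truncated lines
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        $row['timestamp'] = [datetime]::ParseExact(('{0} {1}' -f $row['date'], $row['time']),
            'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
        [pscustomobject]$row
    }
}

# Remember the newest handled entry between runs (state-file path is an assumption).
$stateFile = Join-Path ([IO.Path]::GetTempPath()) 'fw-monitor-lastrun.txt'
$lastRun = if (Test-Path $stateFile) { [datetime](Get-Content $stateFile -TotalCount 1) }
           else { [datetime]::MinValue }

$new = @(ConvertFrom-FirewallLog -Line $sample | Where-Object { $_.timestamp -gt $lastRun })

# Report blocked traffic per source address, with the destination ports it tried.
$new | Where-Object action -eq 'DROP' | Group-Object 'src-ip' |
    Select-Object Name, Count,
        @{ n = 'Ports'; e = { ($_.Group.'dst-port' | Sort-Object -Unique) -join ',' } }

if ($new.Count -gt 0) {
    ($new | Sort-Object timestamp | Select-Object -Last 1).timestamp.ToString('o') |
        Set-Content $stateFile
}
```

A second run against the same input reports nothing, because every entry is older than the saved timestamp.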
Reputation: 405
There is a guide here on how to access the Windows Firewall. This is the PowerShell version of netsh advfirewall. http://technet.microsoft.com/en-us/library/hh831755.aspx
Not sure if this is what you are looking for?
Upvotes: 0