#requires -version 3
<#
.SYNOPSIS
Get-WindowsFirewallLog - A quick and dirty Windows Firewall log parser
.DESCRIPTION
Not designed to do anything fancy.
Just parses the Windows Firewall log and displays it in a PowerShell GridView
.LINK
https://github.com/dstreefkerk/PowerShell/blob/master/Get-WindowsFirewallLog.ps1
.NOTES
Written By: Daniel Streefkerk
Website: http://daniel.streefkerkonline.com
Twitter: http://twitter.com/dstreefkerk
Todo: Nothing at the moment
Change Log
v1.0, 01/11/2018 - Initial version
#>
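function Get-WindowsFirewallLog {
    # Parses a Windows Firewall log and shows the entries in an Out-GridView window.
    # Nothing is written to the pipeline; the grid view is the only output.
    #
    # Parameters:
    #   LogFilePath - path of the log to read. Defaults to pfirewall.log under
    #                 %SystemRoot%\System32\LogFiles\Firewall. An explicitly supplied
    #                 path must pass Test-Path.
    #
    # NOTE(review): reading the default log location presumably needs an elevated
    # session, and the file only has content when firewall logging is enabled - confirm
    # on the target host.
    param(
        [parameter(Position=0,Mandatory=$false)]
        [ValidateScript({Test-Path $_})]
        [string]$LogFilePath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
    )

    # Validation attributes are not applied to a parameter's default value, so a missing
    # default log would otherwise surface only as a Get-Content error followed by an
    # empty grid. Fail early with a message that says what to check.
    if (-not (Test-Path $LogFilePath)) {
        Write-Error "Firewall log not found: '$LogFilePath'. Check that Windows Firewall logging is enabled and that the path is correct."
        return
    }

    # Column names applied to each space-delimited log line when converting from CSV
    $headerFields = @("date","time","action","protocol","src-ip","dst-ip","src-port","dst-port","size","tcpflags","tcpsyn","tcpack","tcpwin","icmptype","icmpcode","info","path")

    # The log begins with '#'-prefixed metadata lines (#Version, #Fields, ...) and may
    # contain blank lines. Drop both so they are not parsed into bogus entries that
    # would mislead anyone filtering or sorting the grid.
    $firewallLogs = Get-Content $LogFilePath |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^#' } |
        ConvertFrom-Csv -Header $headerFields -Delimiter ' '

    # Display the parsed entries; Out-GridView needs an interactive desktop session
    $firewallLogs | Out-GridView
}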
# Invoke the parser with its default log path as soon as this script is run or dot-sourced
Get-WindowsFirewallLog