detect when server gets pinged
Greetings All,

I am looking for a way to find out when one of my Windows Servers (both 2008 and 2003) gets pinged. I am not trying to block pings; I just want a way for the server to write a message to one of the event logs or something. I have just under 500 servers running the various flavors of Windows Server from 2003 to 2008, with and without R2, all at the latest available service packs. I am not running the Windows firewall on any of the servers, though I might be willing to turn it on if there is a way for it to log this info but not actually block any traffic. Any suggestions would be appreciated.

Thanks, Greg
September 7th, 2011 3:57pm

Hello, personally I don't know a Microsoft solution that performs that. Possibly this could be done via third-party software.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator
September 7th, 2011 4:14pm

> I am looking for a way to find out when one of my Windows Servers (both 2008 and 2003) gets pinged. I am not trying to block pings; I just want a way for the server to write a message to one of the event logs or something. I have just under 500 servers running the various flavors of Windows Server from 2003 to 2008, with and without R2, all at the latest available service packs. I am not running the Windows firewall on any of the servers, though I might be willing to turn it on if there is a way for it to log this info but not actually block any traffic.

You may try enabling the firewall and configuring it to log both accepted and discarded packets; not sure it will work for ICMP type 8 (aka "ping") packets too, but it may be worth a try; if it works, you should find the ping requests inside the firewall log file.

By the way, if you could explain what you want to achieve (setting aside "detecting ping"), there may be some other way to do it.
September 8th, 2011 3:57am

Thanks for the idea ObiWan, I am just looking for a way to find out if someone is pinging my servers. Perhaps doing a ping sweep. I am not looking to block this traffic, but on occasion I might want to see who has been pinging my servers.
September 8th, 2011 1:33pm

> Thanks for the idea ObiWan

You're welcome... did you try it and check if it works? See, I didn't check if, in effect, the Windows firewall also logs such allowed ICMP packets.

> I am just looking for a way to find out if someone is pinging my servers. Perhaps doing a ping sweep. I am not looking to block this traffic, but on occasion I might want to see who has been pinging my servers.

Hmm... in such a case, using the local firewall won't be so efficient, since you'll need to monitor each box's log; given that you have a router or a hardware firewall in front of your servers, a better approach would be leveraging the logging capabilities of such devices and being able to monitor all the boxes at once; this will also ease detecting "ping sweeps", which would otherwise only be detected by comparing the various entries from the various servers' logs.

Notice that if what you're trying to achieve is some kind of monitoring of your servers to detect "attack" attempts or signs of compromise, you may want to consider installing this program (on a host or on a VM), and configuring things so that the box/VM running the program will be able to "see" all traffic flowing between your servers and the internet; at that point you'll be able to receive alerts and reports in case of whatever suspicious activity; for some examples, see here and here.

HTH
September 9th, 2011 5:55am
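
The cross-server log comparison described in the reply above, as an added example that is not part of the original thread: a Python script that reads Windows Firewall log text gathered from several servers, keeps the ICMP type 8 entries, and flags any source that pinged several distinct servers within a short window. It assumes the logs follow the pfirewall.log layout with a `#Fields:` header and that the firewall records allowed echo requests, which the thread leaves unverified; the sample lines, addresses, function names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: pfirewall.log entries merged from three servers.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-09-08 13:30:01 ALLOW ICMP 192.0.2.50 10.0.0.11 - - 60 - - - - 8 0 - RECEIVE
2011-09-08 13:30:02 ALLOW ICMP 192.0.2.50 10.0.0.12 - - 60 - - - - 8 0 - RECEIVE
2011-09-08 13:30:03 ALLOW ICMP 192.0.2.50 10.0.0.13 - - 60 - - - - 8 0 - RECEIVE
2011-09-08 13:31:10 ALLOW ICMP 10.0.0.5 10.0.0.11 - - 60 - - - - 8 0 - RECEIVE
2011-09-08 13:31:15 ALLOW TCP 192.0.2.77 10.0.0.12 50321 443 0 - 0 0 0 - - - RECEIVE
2011-09-08 14:45:00 ALLOW ICMP 10.0.0.5 10.0.0.12 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_echo_requests(text):
    """Yield (timestamp, src_ip, dst_ip) for each logged ICMP type 8 packet."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") == "ICMP" and rec.get("icmptype") == "8":
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            yield ts, rec["src-ip"], rec["dst-ip"]

def find_sweeps(events, min_targets=3, window=timedelta(seconds=60)):
    """Return {src_ip: [targets]} for sources that pinged at least
    min_targets distinct servers inside one sliding time window."""
    by_src = defaultdict(list)
    for ts, src, dst in sorted(events):
        by_src[src].append((ts, dst))
    sweeps = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= min_targets:
                sweeps[src] = sorted(targets)
                break
    return sweeps

if __name__ == "__main__":
    for src, targets in find_sweeps(parse_echo_requests(SAMPLE_LOG)).items():
        print(f"possible ping sweep from {src}: {', '.join(targets)}")
```
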

This topic is archived. No further replies will be accepted.
