Logging firewall events
I have added a firewall rule to block access from a particular external IP range from which there have been large numbers of attempted logins to SQL Server. I would like a log which contains the inbound connection attempts which are now being blocked by this rule. When I look in the logging settings there appear to be only two logging options: (i) Log dropped packets, (ii) Log successful connections. So how do I log unsuccessful connections? Or log the activity associated with a particular rule? And can these events be channelled to the Windows Event Viewer? thx
Andrew G
July 12th, 2011 4:50am

The router or hardware firewall would be the first block and provides a log. Configure those to block the IP range. How are these intrusions getting past those? An internal attacker on the network?
July 12th, 2011 9:15am

Yes, I could do that, but that doesn't really address the issue of how to get the software firewall to log events, which is what I asked.
Andrew G
July 12th, 2011 9:21am

> When I look in the logging settings there appear to be only two logging options: (i) Log dropped packets, (ii) Log successful connections.

Exactly; the first option will log the "unsuccessful connections", that is, the connection attempts which are dropped due to filter rules in the firewall. The second option will instead log all the connections which the firewall lets through.

My suggestion is to check BOTH options and ensure you raise the logfile size; start by using a value of 8192, then keep an eye on your box to check when the firewall log gets "rotated" (more later). At that point, if the rotation takes place too often, increase the size of the logfile.

As for the rotation, the firewall will log entries up to the given "max size" and, as soon as it's reached, the log file will be renamed (ok, copied over) as ".log.old" and a new ".log" file will be created. So, after some time, you'll find two log files inside the logs folder: the current one (.log) and the previous one (.log.old).

A last note: to ease the task of reviewing the logs, you may set up a (scheduled) script to import the logs into (e.g.) a database so that you'll be able to use whatever query or graphing tool to examine or graph the data, generate stats and so on.
July 12th, 2011 11:16am
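The procedure in the reply above, as an added example that is not part of the thread: a PowerShell script that turns on both log options and raises the size limit, then parses pfirewall.log (and the rotated .log.old beside it) to count dropped inbound attempts to SQL Server's TCP 1433 by source address. It assumes the default log path, Windows 8 / Server 2012 or later for the Set-NetFirewallProfile cmdlet (the netsh equivalents for older hosts are in the comments), and a constructed sample log using TEST-NET addresses so it runs offline. The auditpol line that answers the Event Viewer question is an addition the reply does not cover; it is not needed for the text-file log.

```powershell
# Added example, not code from the thread. Assumes the default log location
# %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log and SQL Server on TCP 1433.

# 1. Enable both logging options and raise the size limit (run from an elevated prompt).
function Enable-FirewallLogging {
    param([int]$MaxSizeKB = 8192)
    # Windows 8 / Server 2012+ cmdlet. netsh equivalents on older hosts:
    #   netsh advfirewall set allprofiles logging droppedconnections enable
    #   netsh advfirewall set allprofiles logging allowedconnections enable
    #   netsh advfirewall set allprofiles logging maxfilesize 8192
    Set-NetFirewallProfile -Profile Domain,Private,Public `
        -LogBlocked True -LogAllowed True -LogMaxSizeKilobytes $MaxSizeKB
    # To get drops into Event Viewer instead (Security log, event IDs 5152/5157),
    # enable Windows Filtering Platform auditing; this is separate from the text log:
    #   auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
    #   auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable
}

# 2. Parse the W3C-style log. Field order, from the "#Fields:" header line:
#    date time action protocol src-ip dst-ip src-port dst-port size tcpflags
#    tcpsyn tcpack tcpwin icmptype icmpcode info path
function Get-DroppedInbound {
    param(
        [string]$Path = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log",
        [int]$DstPort = 1433
    )
    # The firewall rotates the full log to .log.old; read both so a rotation
    # does not hide attempts that happened just before it.
    $files = @("$Path.old", $Path) | Where-Object { Test-Path $_ }
    foreach ($file in $files) {
        Get-Content $file | ForEach-Object {
            if ($_ -match '^#' -or $_.Trim() -eq '') { return }   # header/blank lines
            $f = $_ -split '\s+'
            if ($f.Count -lt 17) { return }                         # truncated line
            # DROP + RECEIVE = inbound attempt blocked by a rule; compare the port as
            # a string so ICMP lines (dst-port "-") do not throw on an [int] cast.
            if ($f[2] -eq 'DROP' -and $f[16] -eq 'RECEIVE' -and $f[7] -eq "$DstPort") {
                [pscustomobject]@{
                    Time    = "$($f[0]) $($f[1])"
                    Proto   = $f[3]
                    SrcIP   = $f[4]
                    SrcPort = $f[6]
                }
            }
        }
    }
}

# 3. Demo on a constructed sample log (TEST-NET and RFC 1918 addresses, not real traffic).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-07-12 04:50:01 DROP TCP 203.0.113.5 192.168.1.10 51234 1433 52 S 1234567 0 8192 - - - RECEIVE
2011-07-12 04:50:02 DROP TCP 203.0.113.5 192.168.1.10 51235 1433 52 S 1234568 0 8192 - - - RECEIVE
2011-07-12 04:50:03 DROP TCP 203.0.113.9 192.168.1.10 40001 1433 52 S 1234569 0 8192 - - - RECEIVE
2011-07-12 04:50:04 ALLOW TCP 192.168.1.20 192.168.1.10 50000 1433 0 - 0 0 0 - - - RECEIVE
2011-07-12 04:50:05 DROP TCP 192.168.1.10 203.0.113.5 1433 51234 40 - 0 0 0 - - - SEND
'@
$tmp = Join-Path $env:TEMP 'pfirewall-sample.log'
Set-Content -Path $tmp -Value $sample

# Top talkers among blocked inbound SQL Server attempts.
Get-DroppedInbound -Path $tmp |
    Group-Object SrcIP |
    Sort-Object Count -Descending |
    Select-Object @{n='SrcIP'; e={ $_.Name }}, Count
```

Run against the real log, the grouped output is what the question asks for: each source address in the blocked range with the number of inbound attempts the rule dropped. The ALLOW line and the outbound SEND line in the sample are deliberately ignored, so only the two external addresses are listed. Pipe the same objects to Export-Csv (or a database) from a scheduled task if you want the history the reply suggests keeping.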

ok thanks, that clears it up.
Andrew G
July 12th, 2011 4:09pm
