ways of tracking the IP of an abuser?

From: Tyson (smltowerBADSPAM@hotmail.com)
Date: 03/18/03 

From: "Tyson" <smltowerBADSPAM@hotmail.com>
Date: Mon, 17 Mar 2003 18:12:36 -0800

We are looking into installing a personal firewall on our
clients. However that is a huge bag of worms since we
handle over 500 systems. Since we must develop a way to
centrally configure and install the personal firewall it
most likely won't happen til late summer.

Our network admin is also looking at tightening up his
filtering on the routers.

I'm hoping to find a way to find an IP from an attack.
I've toyed with running netstat every few minutes and
dumping the output to a log but that seems cumbersome. I'd
much rather find a way to make windows include IPs in its
logs (it is already letting us know the attack ishappening
but only provides a netbios name which I can't correlate
to an IP) or find a tool that will monitor access and post
logs when access to a port happens.

Do personal firewalls support usch logging?