RE: question about ISA server

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Ashish Chetal (ashiche_at_online.microsoft.com)
Date: 05/19/04

• Next message: Kenneth: "ISA and Mdaemon"
• Previous message: triolian: "OWA stops working, and have to stop and restart proxy services"
• In reply to: David: "question about ISA server"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 19 May 2004 01:15:47 GMT

There are several logging options in ISA

In the ISA management console..under monitoring configurations ... you will
need to check that logging is enabled on the properties page for each
service whose traffic you want to log,this would be the packet filter
service, the firewall service and the webproxy service......
On the log tab of the properties window for each service , you can also
define the location for storage of log files....
Either as files....with the formats,...W3C, ISA format or ODBC format where
you can mention the SQL server where you would want to store the data and
table names etc..

The logs will contain the information contained in the field selected for
logging on the fields tab of the properties of the service above...

To see the network activity based on the logs... you can use the inbuilt
defined formats such as -
Summary Reports
Summary reports include a set of reports that illustrate network traffic
usage, sorted by application. These reports are most relevant to the
network administrator or the person managing or planning a company's
Internet connectivity.

Web Usage Reports
Web usage reports include a set of reports that display top Web users,
common responses, and browsers. These reports are most relevant to the
network administrator or the person managing or planning a company's
Internet connectivity. It shows how the Web is being used in a company.

Application Usage Reports
Application usage reports illustrate Internet application usage in a
company, including incoming and outgoing traffic, top users, client
applications, and destinations.

Traffic and Utilization Reports
Traffic and utilization reports illustrate total Internet usage by
application, protocol, and direction; average traffic and peak simultaneous
connections; cache hit ratio; errors; and other statistics. These reports
can help plan and monitor network capacity and determine bandwidth policies.

Security Reports
Security reports list attempts to breach network security. Security reports
can help identify attacks or security violations after they have occurred.

http://www.microsoft.com/resources/documentation/isa/2000/enterprise/proddoc
s/en-us/isadocs/cmt_reportbuilt.mspx

Or else use specialised log analyzer software to sift more detailed
patterns and information.

Yes you can block messenger apps such as msn messenger using the inbulti
protocol definitions and use them in protocol rules denying access.

All packets that pass through Microsoft Internet Security and Acceleration
(ISA) Server can be logged to the packet filter log. You can configure
exactly which packets are logged:
• By default, when you install ISA Server, all dropped packets are logged
to the packet filter log. When you disable packet filtering, logging is
turned off altogether.
• You can configure ISA Server to disable logging for packets that are
dropped due to any specific block-mode IP packet filter.
• You can configure ISA Server to log all packets—allowed and dropped—that
are communicated by way of ISA Server. When you enable logging of allowed
packets, all packets that pass through ISA Server are logged in the packet
filter log.

Logging allowed packets and blocked packets causes a considerable load on
the server.

http://www.microsoft.com/resources/documentation/isa/2000/enterprise/proddoc
s/en-us/isadocs/cmt_logpackets.mspx

============================================================================
===

Ashish Chetal

This posting is provided “AS IS” with no warranties, and confers no rights.

============================================================================
===

---

• Next message: Kenneth: "ISA and Mdaemon"
• Previous message: triolian: "OWA stops working, and have to stop and restart proxy services"
• In reply to: David: "question about ISA server"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Logs stopped reporting ... Probably for the period when your logging was stopped you didn't get data ... For those days you can have only empty reports. ... I tried rebooting and upgrading to ISA ... tried deleting old logs also. ... (microsoft.public.isa.configuration) Re: ServU-deamon trojan warning with McAfee ... connection is free, any significant change in your usage is an indicator ... ISA has reporting features, the reports are ... > program has a port scanner, proxy analyser, whois, trace route, etc. ... (microsoft.public.backoffice.smallbiz2000) RE: ISA 2000 reports custom date? ... This newsgroup only focuses on SBS technical issues. ... ISA 2000 reports custom date? ... (microsoft.public.windows.server.sbs) Re: Internet access erratic and unusable ... It's been a very busy and hectic few days, hence the late response. ... The confusing thing to me was, in the ISA ... reports some packets were being reported as dropped or blocked ... Try this from SBS Server and try it from your Router (Router you may only ... (microsoft.public.backoffice.smallbiz2000) Re: ISA Web Usage Reporting By User ... ISA 2000 is pretty limited in the reporting functionality ... "Brian Bonewitz" wrote in message ... > I'm trying to get more detailed reporting out of ISA Server. ... > basic high level reports that do not list where an individual user has ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.enterprise  > 2004-05