Re: ISA Server Logging Questions

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 11/05/04

  • Next message: Patriot: "Opening Ports etc..." 
    Date: Fri, 5 Nov 2004 10:25:08 -0800

    For ISA 2000 and ISA 2004 SE those statements are true.

    They both use per-entry logging to SQL and will both stop serving requests if the logging destination fails.
    This is not limited to SQL logging; if text or database logging fails, then ISA will stop serving requests.
    If the logging destination is unresponsive during startup, the services will not start.

    This is by design, since firewall logs are often used as evidence. 

    -- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"Andy" <Michael.Anderson@doc.state.wi.us> wrote in message news:dde3d01c.0411050831.b64e4d8@posting.google.com...
>From what I've read, there are issues logging to a SQL database on ISA
Server 2000.
Can someone verify that the following statements are true, and if they
are true for both ISA Server 2000 and 2004?
The major concerns I've found in other postings are:
1) ISA performance is degraded when using ODBC logging (as opposed to
text logging). This is true whether the SQL server is on the same
machine or over the network.
2) ISA Server stops serving requests if it can't log the traffic it
serves.  If the logging fails for any reason, the ISA services are
stopped.  Therefore, if the log is configured for SQL, and the SQL
database is unavailable, ISA service will not start. This is true at
boot time as well.
3) The only database supported for loggin is SQL Server.
4) Each ISA Server requires it's own SQL Server database for logging.
5) Quote: "Also, from experience, I would suggest you consider not
doing Live logging of data to SQL. First, it is slower and can affect
user performance. Second, if logging fails for any reason, ISA
services will stop. My suggest is that It works better and is more
reliable if you log to text files and then at the end of the day post
the entire file to SQL as a backend process. The down side is that it
is not automatic in the product. Check isatools.org for scripts that
can help do this."
If the above statements are true, it seems that logging to text files
as recommended above is the best option.  True or false for 2000/2004?
Thanks for your help!
Andy
  • Next message: Patriot: "Opening Ports etc..."

    Relevant Pages

    • Re: ISA Log to SQL Database Question
      ... I am actually logging to an Access DB and the logs had grown to over 2 GB. ... The MSDE that comes with ISA or the real "full" MS SQL ... >> I have a question about ISA Logging to a SQL Database. ...
      (microsoft.public.isa.configuration)
    • ISA Server Logging Questions
      ... there are issues logging to a SQL database on ISA ... are true for both ISA Server 2000 and 2004? ...
      (microsoft.public.isa)
    • RE: Usage Reporting via SQL Server
      ... Have you tried allowing the SQL protocol from your HR machines to your ISA ... Protocol: SQL Server ...
      (microsoft.public.isa.enterprise)
    • Re: ISA 04 EE und SQL Protokollierung
      ... Wenn man in eine Datei logt, dann sind beim ISA Format keine Direktiven dabei, bei W3C schon. ... Schiebt dann der eine ISA Server die Logs rüber zum anderen ISA Server aus dem Array? ... Groessere Installation (gerade im EE Umfeld SQL Logging) und wenn Logging nur "Nebensache" ist, ...
      (microsoft.public.de.german.isaserver)
    • Re: ISA 2000 to SQL 2000
      ... created a small database that links to the tables on the SQL server using ... Do any of the ISA Services have to be running at elevated privileges? ... currently using the SQL login. ... Microsoft Internet Security & Acceleration Server: ...
      (microsoft.public.isa.configuration)