Re: How BAD is SQL on ISA?
- From: "cismic" <cismic@xxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Jan 2003 00:13:50 -0800
Hi Jim,
I love collaboration! Start with a brick and build a house. I'll be home
after Jan 31st. I just live north of you by
The way in the central part of the state. I'll get what scripts I have with
me here tested and out to you.
I really need to start getting my stuff out on the web site. It has been
over 1 year since I've started learning about the ISA
Server and sometimes I'm just overwhelmed with all the goodies.
Joseph
-----Original Message-----
From: Jim Harrison [ISAQFE] [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, January 19, 2003 10:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How BAD is SQL on ISA?
http://www.ISAserver.org
Interested in some collaboration?
I can add any ISA-specific stuff (like determining the logging folder and
appropriate files).
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, January 19, 2003 10:19
Subject: [isalist] Re: How BAD is SQL on ISA?
http://www.ISAserver.org
This is a multi-part message in MIME format.
----------------------------------------------------------------------------
----
Oki dokey folks,
I'm going to start uploading some scripts for you all to test. I only have
a few log files with me since I've been on the road the past 3 months that I
can use to test the features that these scripts offer. If you have time
please let me know what you think. The first script is a simple script to
move your isa log files into another location. I do this while on the road
since ISA will over write logs ever 7 days and I don't want that to happen.
So, the first thing that happens is my logs are moved to another drive
separate from the ISA logs that way when the import routines run they will
get all the logs available.
I've tried to keep the script formats simple and follow some simple
guidelines in the creation of the scripts and keep then close to what you
might find in the windows resource kit.
Until I get the passing of parameters added just create 4 directories in
what ever drive that you have setup to contain logs Then change the
constants below to reflect your drive locations. C:\Old Isa
Logs\PacketFilters\ C:\Old Isa Logs\FireWall\ C:\Old Isa Logs\WebProxy\
C:\LogFiles\
The folder values are represented by constants in the program script and you
can change the values to where you're log files are actually stored.
'---- Log Name Values ----
Const logPacketFilters = "PacketFilters\"
Const logWebProxy = "WebProxy\"
Const logFirewall = "Firewall\"
'---- Folder Name Values ----
Const fldISALogs = "C:\Program Files\Microsoft ISA Server\ISALogs" Const
fldOldLogs = "C:\Old Isa Logs\" Const fldLogFiles = "c:\LogFiles\"
Remember to change the .txt extension to .vbs when you receive this and let
me know if it works for you. I'll start posting all my scripts Sql, etc for
packetfilters, webproxy and firewall logs.
Joseph
-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Wednesday, January 15, 2003 8:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How BAD is SQL on ISA?
http://www.ISAserver.org
I had a DTS package at one point that did this (I think). Let me go see if
I can find it.
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Jim Harrison [ISAQFE] [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, January 15, 2003 11:02 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How BAD is SQL on ISA?
http://www.ISAserver.org
Actually, a BCP script that grabs yesterday's logs would be very useful.
Who's a SQL guru here?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "William Robertson" <william.robertson@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 23:02
Subject: [isalist] Re: How BAD is SQL on ISA?
http://www.ISAserver.org
Ok everybody, I think I get the picture. The bottom line is that I shouldn't
consider compromising my ISA Configuration by installing SQL Server.
On the other hand, I am still not entirely convinced that I want to get ISA
Server to log directly to a different server, because if anything happens on
the network or that other server, then my ISA server won't be able to log
and thus all Internet Surfing will be compromised, if not disabled.
In light of this, I propose the following, leave ISA Server to log to flat
files, and then every morning I run a batch script to "archive" the previous
days logs into a SQL Server database on a different server. As far as I can
tell this is possibly my best approach, except for the fact that the
importing data from the logfiles into SQL could become quite hairy.
I see that Jim Harrison has a script on his website that will apparently do
just this, but it is unfortunately only for the WEB Proxy logs, so I was
wondering if anybody out there actually has some .vbs & .sql scripts that
will cater for all 3 logfiles?
Cheers
William R.
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: 14 January 2003 20:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How BAD is SQL on ISA?
http://www.ISAserver.org
Hi Jim, et. al.,
SQL logging puts a considerable performance hit on the server, and if you're
hosting the database on the ISA Server itself, you may hit the glass ceiling
:-)
Tom
Thomas W Shinder
www.isaserver.org/shinder
http://tinyurl.com/1jq1
http://tinyurl.com/1llp
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, January 14, 2003 11:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How BAD is SQL on ISA?
http://www.ISAserver.org
Generally speaking, stick to your "least privileges" concept; you can't go
wrong there. Perf, vulnerabilities and user rights become harder to control
when you have multiple users accessing your firewall; even if only for SQL
usage.
If $$ pushes you into that train track of thought, then make sure you: 1.
set a strong password for the "sa" account and control database access
permissions with an iron fist 2. don't provide direct access to the SQL
admin account from outside (no direct SQL calls); no PF for SQL access! 3.
remove any master-db SP and XP that you don't need for normal SQL
operations; many vulnerabilities have been found therein. 4. No one, but NO
ONE except the server admin gets administrative access to the SQL services!
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 02:11
Subject: [isalist] How BAD is SQL on ISA?
http://www.ISAserver.org
Hi there
I live in a principle of least privileges and so I do not install anything
on my ISA Server which is not absolutely CRUCIAL to the survival of my
Firewalling Strategy.
However, I have been considering the option to start logging all ISA
requests to a SQL Database as opposed to flat files which is currently the
default logging method.
If I was to do this then I would like to keep the ISA Firewall independant
of any other server and as a result I would need to install SQL Server onto
my ISA Firewall.
What I would like to know is this:
1) Is it at all a good idea to install a product such as SQL Server onto my
ISA Firewall?
2) How robust is ISA when it comes to logging to a SQL Database as opposed
to the flat files?
3) How will it impact any Server Publishing rules that I have already
created on port 1433 (SQL Server)?
Cheers
William R.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
----------------------------------------------------------------------------
----
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows Security
Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
