Re: Frewall Logs Growing Too Large, Can I filter?

• From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 9 Dec 2005 08:49:22 -0800

You might want to look into logging to a SQL database...

That way you can "prune" retained log entries to suit your needs. I choose to log my Web Proxy logs (ISA 2004) to a SQL database; however, the DB gets really big really fast (about 1gig per day for me). Part of that is because of the poor table design of the OOB .sql file, and part of it is sheer data.

I have my own "custom" table that I post specific log data into every night with only the type of records I'm interested in from the day's activity so that my managers can review what their people are doing (if they want to). I then delete any records over 7 days old from the "raw" table. In this way, I keep a week's worth of rolling data in the raw logs, with daily updated records for usage.

t

-----
"And yet, even if one person finds his way... that means
there is a Way.  Even if I personally fail to reach it."

Mr. Nobusuke Tagomi
Top Place, Ranking Imperial Trade Mission
Pacific States of America

----- Original Message ----- From: "Kincer, Rick" <Rick_Kincer@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, December 09, 2005 7:54 AM
Subject: [isalist] Frewall Logs Growing Too Large, Can I filter?

http://www.ISAserver.org

Hello,
We are running ISA 2000 Enterprise with the newest SP, all users must
authenticate and also we are using Web Proxy and the Firewall client for
Winsock traffic from the workstations. The issue I am having is the users
have an application that must run through the FWC to get updates and send
updates, unfortunately this app goes out to the Internet so often that our
firewall log now grows way too large.

My question: Is there a way to filter out certain things from being logged
without removing one of the checkmarks from the filter settings, thus
filtering out other entries that I need from other traffic?

Thank you,

Rick

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Re: Frewall Logs Growing Too Large, Can I filter?
• » Re: Frewall Logs Growing Too Large, Can I filter?
• » Re: Frewall Logs Growing Too Large, Can I filter?
• » Re: Frewall Logs Growing Too Large, Can I filter?
• » Frewall Logs Growing Too Large, Can I filter?
• » Re: Frewall Logs Growing Too Large, Can I filter?
• » Re: Frewall Logs Growing Too Large, Can I filter?
• » Re: Frewall Logs Growing Too Large, Can I filter?
• » Re: Frewall Logs Growing Too Large, Can I filter?

1. Home
2. isalist
3. Archive
4. 12-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---