RE: Lockdown Mode

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 15 Dec 2005 22:48:42 -0800

The best way to handle data munging is to BCP the data from the ISA MSDE
instance to your main database and let the ISA logs disappear of their
own accord.
This way, you don't have to contend with DB locking from your S&D
missions that cause ISA to go into LDM.

If you wanna share the process you've created, I'll be happy to file the
bug.
It'll be good to have a SQL-heavy on my side for once.

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Thursday, December 15, 2005 10:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Lockdown Mode


OK, I've tested the availability of System Policy access rules when an
ISA server is in "lockdown" mode, and they just don't work.  So, I'm
calling "horse-hockey" on that.  Has anyone else added remote management
rules to the System Policy and forced ISA into lockdown mode by not
allowing it to log, and still accessed the server via RDP or otherwise?

Further, if you are logging to a SQL database, it seems like you are
*forced* to disable lockdown-mode altogether.  Any maintenance at all to
the ISALog database on the SQL server seems to totally fsk the logging
connection.  The ODBC logging is kind of punked anyway-- even though
you're inserting records to a table with nvarchar and varchar data
types, the ISA ODBC connector "pads" the data sent.  So even if you have
a 25 char ClientUserName, ISA pads the data and fills the field.  This
is why the default log file is so damned big-- given this, we HAVE to
parse the data into something more manageable.  1 Gig per day for 85 or
so users is really nuts.  But I've got my own process that posts into a
table of my own design, and trims the data in the process.  This has to
run every night-- but when it does, ISA punks out on logging, and goes
into lockdown mode.  And I'm not logging to some ghetto box, either--
this is to a cluster of 2 Dell 2650 dual-proc MoFo's with a half
terabyte shared SCSI array.  I can extrapolate a million decimal places
of Pi on these boxes in seconds (I've done it.  My favorite is the eight
8's in a row at about 300 million).

If this were documented, it would be OK- but it kind of sucks to build a
robust infrastructure with detailed logging only to have to disable
lockdown mode if you do so.  I *like* lockdown mode.  But I don't like
that the system policy doesn't seem to work in LDM, nor that you have to
switch to MSDE logging just to run a job to clean up the data that your
Enterprise Firewall solution is logging...

Anyone?  Bueller?  Anyone?

t

-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."


