The best way to handle data munging is to BCP the data from the ISA MSDE instance to your main database and let the ISA logs disappear of their own accord. This way, you don't have to contend with DB locking from your S&D missions that cause ISA to go into LDM.

If you wanna share the process you've created, I'll be happy to file the bug. It'll be good to have a SQL-heavy on my side for once.

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Thursday, December 15, 2005 10:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Lockdown Mode

http://www.ISAserver.org

OK, I've tested the availability of System Policy access rules when an ISA server is in "lockdown" mode, and they just don't work. So, I'm calling "horse-hockey" on that. Has anyone else added remote management rules to the System Policy and forced ISA into lockdown mode by not allowing it to log, and still accessed the server via RDP or otherwise?

Further, if you are logging to a SQL database, it seems like you are *forced* to disable lockdown-mode altogether. Any maintenance at all to the ISALog database on the SQL server seems to totally fsk the logging connection.

The ODBC logging is kind of punked anyway-- even though you're inserting records to a table with nvarchar and varchar data types, the ISA ODBC connector "pads" the data sent. So even if you have a 25 char ClientUserName, ISA pads the data and fills the field. This is why the default log file is so damned big-- given this, we HAVE to parse the data into something more manageable. 1 Gig per day for 85 or so users is really nuts. But I've got my own process that posts into a table of my own design, and trims the data in the process.
This has to run every night-- but when it does, ISA punks out on logging, and goes into lockdown mode. And I'm not logging to some ghetto box, either-- this is to a cluster of 2 Dell 2650 dual-proc MoFo's with a half terabyte shared SCSI array. I can extrapolate a million decimal places of Pi on these boxes in seconds (I've done it. My favorite is the eight 8's in a row at about 300 million).

If this were documented, it would be OK- but it kind of sucks to build a robust infrastructure with detailed logging only to have to disable lockdown mode if you do so. I *like* lockdown mode. But I don't like that the system policy doesn't seem to work in LDM, nor that you have to switch to MSDE logging just to run a job to clean up the data that your Enterprise Firewall solution is logging...

Anyone? Bueller? Anyone?

t

-----
"I may disapprove of what you say, but I will defend to the death your right to say it."