Actually, the setup below works great! However, I still don't like writing directly to the SQL machines. I setup ISA to save into the follow and have created a structure like this: \\ISALOGS \\ISALOGS\PACKET\ \\ISALOGS\FIREWALL\ \\ISALOGS\PROXY\ Then nightly around (1800) 6:00 PM pacific time which is an hour past the time my logs change I move the daily logs into: \\ISALOGSOLD \\ISALOGSOLD\PACKET\ \\ISALOGSOLD\FIREWALL\ \\ISALOGSOLD\PROXY\ The reason I do this is that when you setup logs in ISA the default is 7 days of logs to store, so If you forgot to move the logs they all get written over again. You could change the number of logging days but it's not necessary when you follow the above sequence. The nice thing is that it is automated. The next step is processing the logs. I setup a scheduled job to run at night for each of the 3 logs that import into my StatSphere Database. After each log is imported the log files are moved into: \\ISLOGSPROCESSED \\ISALOGSPROCESSED\PACKET\ \\ISALOGSPROCESSED\FIREWALL\ \\ISALOGSPROCESSED\PROXY\ Once there I back them up to tape and delete. I've been testing out some additional functionality that will help with the speed of the import using the BATCH IMPORT funcitions of SQL. So, I've created a tool that strips out the comments from each log. I'll keep you all posted on that one. Thank you, Joseph ----- Original Message ----- From: "Greg Hess" <gmh@xxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, April 12, 2004 11:28 AM Subject: [isalist] Re: Logging to SQL Server http://www.ISAserver.org Is the only way to do this, then, to log in my ISA server under a user account with permissions? (I should say here that we don't use SQL logins, only MS authentication on the SQL server). This seems an odd way to go, having to have the server 'logged in' in order for this to work. G. -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Monday, April 12, 2004 1:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Logging to SQL Server http://www.ISAserver.org ISA Server >> ODBC DRIVER >> REMOTE SQL On my ISA Server I utilize HOSTS FILE. I setup where my SQL machine resides so that when I create an ODBC rule, the host header knows what to grab. I'm not sure where your SQL machine resides. I have a back to back setup ISASERVER >> DMZ >> ISASERVER >> SQL MACHINE On my second ISA server is where I have the publishing rule for the SQL machine. Machines in the DMZ use the hosts file to point to the external NIC of the internal ISASERVER. I also, don't use "SA" without a password nor do I use "SA" with a password on my machines in the DMZ or external ISASERVER. On my SQL Machine, I create a local user (example) LoggingUser with log on locally rights. Then I create a new logon user in SQL and point to my statistics DB as the default DB for that user. Once all that is done and you have created similar users on the machines in the DMZ then you can utilize a trusted connection via only with "LoggingUser" This user does not need to be part of the internal ACTIVE DIRECTORY. So, when you create you ODBC connection specify the LoggingUser account along with your password that you setup for that account. Rember the password would be the same on the ISASERVER LoggingUser and the SQL LoggingUser. HTH, Joseph ----- Original Message ----- From: "Greg Hess" <gmh@xxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, April 12, 2004 8:58 AM Subject: [isalist] Logging to SQL Server http://www.ISAserver.org Hello everyone, I am trying to configure logging to our SQL server from our ISA server. I followed the article on ISAserver.org and I can test the ODBC connection fine, but when I configure the logging and restart the service I get an error indicating I don't have permissions. This is a remote SQL box, do I have to configure the services to start under another user account or...something? Any help is appreciated. Tx. Greg. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmh@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')