SYSLOG through ISA Server 2004

  • From: "Ian" <Ian@xxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Sat, 5 Nov 2005 05:41:15 -0700

Hi,

I am having trouble in passing SYSLOG from my ADSL Router through to a
system in my DMZ.

BACKGROUND:
Running ISA Server 2004 standard edition
Platform is Windows Server 2003 standard edition 
I have defined a DMZ network (SMTP Relay etc.) 172.16.29.0/24
I have defined a Router Network (connection between ISA Server and ADSL
Router) 172.16.30.0/24
I have defined an Internal Network 172.16.31.0/24
All other networks are classed as external
ISA Server is classed as local host
I have defined the relationship between all networks as Route because NAT
is performed by the ADSL Router
I have set the Internal network properties to operate in proxy mode for
the usual protocols
I have a content plug-in running on ISA Server 2004 called WebMarshal (URL
screening, A/V screening and screening for malicious mobile code)

Operation:
I publish OWA, utilise VPN Clients and operate Proxy and caching - all of
this works ok.

The Objective:
I simply want to log syslog messages from my ADSL router onto a Syslog
server running on my mail relay server on the DMZ.

The issue:
I have tried every conceivable way of configuring the rule-base to get
this to work but cannot.

a) There is no pre-defined protocol for syslog. I created a protocol for
UDP 514, there are four options SEND, RECEIVE, SEND RECEIVE, RECEIVE SEND
to describe the behaviour of the protocol. The logging identifies the
protocol that is being blocked as UDP 514 SEND (this makes sense as it is
an unsolicited message that does not expect a response).

So my options are that I either setup an access rule or a server
publishing rule to handle this. To the best of my understanding, Access
rules are intended for outbound traffic only and publishing rules are
required for inbound connections.

As the Router Network is on the same ISA-Server interface as the external
network, then the traffic is deemed to be inbound and a publishing rule is
required. I try to configure a Server publishing rule, but it will only
allow me to define a protocol of UDP RECEIVE or UDP RECEIVE SEND, it will
not allow me to define a protocol of UDP SEND, as a consequence the
traffic is not recognised and the syslog messages are dropped.

Any ideas on how I can resolve this would be greatly appreciated.
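For anyone reading this thread later, the following is an added illustration (not part of the original post, and not ISA Server configuration) of what the router's traffic actually looks like on the wire: a single UDP datagram carrying a BSD-style syslog message, for which the receiver never sends anything back. That one-way shape is what ISA's "UDP 514 SEND" classification describes. The script parses the <PRI> header into facility and severity and then sends one datagram across loopback to a listener, checking that no reply ever arrives. The sample message, hostname and process name are constructed; the listener binds an ephemeral port rather than 514 so it runs unprivileged.

```python
"""Added example: a syslog datagram on the wire, and why a firewall
sees it as a one-way "send" flow with no return traffic.

Not taken from ISA Server or the original poster; the sample
message below is constructed for illustration."""
import re
import socket

# RFC 3164 facility and severity names. The <PRI> value is facility*8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_syslog(datagram: bytes) -> dict:
    """Parse the <PRI> header of a BSD-style (RFC 3164) syslog datagram.

    Returns facility, severity and the remaining message text. A datagram
    with a missing or out-of-range PRI is treated as facility "user",
    severity "notice", which is what RFC 3164 section 4.3.3 tells a
    receiver to assume.
    """
    text = datagram.decode("utf-8", errors="replace")
    m = _PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        return {"facility": "user", "severity": "notice", "msg": text, "valid_pri": False}
    pri = int(m.group(1))
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "msg": m.group(2), "valid_pri": True}


def one_way_syslog(message: bytes, host: str = "127.0.0.1") -> dict:
    """Deliver one syslog datagram to a loopback listener and verify that the
    sender receives no reply. The listener uses an ephemeral port instead of
    514 so no privileges are needed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind((host, 0))
    listener.settimeout(2)
    port = listener.getsockname()[1]

    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.settimeout(0.5)
    try:
        sender.sendto(message, (host, port))
        data, _ = listener.recvfrom(2048)
        # A syslog receiver does not acknowledge, so this read must time out.
        try:
            sender.recvfrom(2048)
            reply_seen = True
        except socket.timeout:
            reply_seen = False
    finally:
        sender.close()
        listener.close()

    parsed = parse_syslog(data)
    parsed["reply_seen"] = reply_seen
    return parsed


# Constructed sample in the style of a SOHO router's syslog output:
# <134> = facility local0 (16*8) + severity info (6).
SAMPLE = b"<134>Nov  5 05:41:15 adsl-router pppd[412]: Connect: ppp0 <--> /dev/ttyS0"

if __name__ == "__main__":
    print(one_way_syslog(SAMPLE))
```

Because the flow is a single datagram from router to collector with nothing returned, any rule that permits it only needs to match the initial packet's direction; the receiver-side "reply" a SEND RECEIVE definition would allow never exists for syslog.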