RE: Selective Logging on ISA 2000

  • From: Michael Saul <michael.saul@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Nov 2005 11:31:35 -0800

I haven't disabled logging, but in the logs, I'm only seeing the
successful connections, not anything that has failed.

For example, if a client tries to connect to the server specified in
the rule, and isn't listed in one of the specified client address
sets, he is given a connection refused error.  When I look in the web
logs on either server, I don't see any attempt made; it is never
logged.

What I would like to do is see all connections to a specific web rule.
Does that make more sense?

On 11/28/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> http://www.ISAserver.org
>
> I'm not clear - have you disabled logging for this rule?
> By default, ISA logs all the primary info you need to evaluate the traffic 
> passed by the rules.
>
> -------------------------------------------------------
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: Michael Saul [mailto:michael.saul@xxxxxxxxx]
> Sent: Monday, November 28, 2005 10:45
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Selective Logging on ISA 2000
>
> Hi all,
>
> Long time reader, first time poster.  I have a question about creating a 
> selective log file with ISA 2000 Enterprise.
>
> We are currently using a two server array as a perimeter firewall.  We are 
> publishing several websites using the standard publishing, with NLB on the 
> outside.
>
> One of the web sites that we are publishing is a standard .NET web service.  
> We are using bridged SSL along with specific address sets to filter access.
>
> All of this has been working very well for us for several months.  As a 
> matter of fact, we get several thousand transactions through the web services 
> all day long.
>
> Here's the issue part:  we have one vendor who recently installed a firewall 
> (it's unknown what kind) and is no longer able to access our web services. 
> Several dozen other companies are all still functioning just fine.
>
> I have been asked to troubleshoot this on our end (yes I know-they changed 
> something and it stopped working-seems to me the issue is on their side).  I 
> know that the issue is at the ISA server because I'm not seeing anything on 
> the web server logs.
>
> Is there a way to see a log of all connections to a specific published site?  
> I know that I can use the web logs to see all of our successful connections 
> to the published site, but it is not logging the rest of the connections.  
> I'm hesitant to turn on full logging because there would be mountains of data 
> to get through and the performance hit might be a bit much.
>
> Does anyone have any suggestions about how I could get more information about 
> what is failing, or how I could turn on logging for a specific published site?
>
> Thank you in advance!
>
> Michael Saul
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> jim@xxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>