RE: Selective Logging on ISA 2000

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Nov 2005 11:34:13 -0800

If the connection is blocked by ISA, the web server will never see the traffic 
and therefore can't log it.
Check the ISA web proxy logs for denials for that site.


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Michael Saul [mailto:michael.saul@xxxxxxxxx] 
Sent: Monday, November 28, 2005 11:32
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Selective Logging on ISA 2000

I haven't disabled logging, but in the logs, I'm only seeing the successful 
connections, not anything that has failed.

For example, if a client tries to connect to the server specified in the rule, 
and isn't listed in one of the specified client address sets, he is given a 
connection refused error.  When I look in the web logs on either server, I 
don't see any attempt made, it is never logged.

What I would like to do is see all connections to a specific web rule.  Does 
that make more sense?

On 11/28/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> I'm not clear - have you disabled logging for this rule?
> By default, ISA logs all the primary info you need to evaluate the traffic 
> passed by the rules.
>
>
> -----Original Message-----
> From: Michael Saul [mailto:michael.saul@xxxxxxxxx]
> Sent: Monday, November 28, 2005 10:45
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Selective Logging on ISA 2000
>
> Hi all,
>
> Long time reader, first time poster.  I have a question about creating a 
> selective log file with ISA 2000 Enterprise.
>
> We are currently using a two server array as a perimeter firewall.  We are 
> publishing several websites using the standard publishing, with NLB on the 
> outside.
>
> One of the web sites that we are publishing is a standard .NET web service.  
> We are using bridged SSL along with specific address sets to filter access.
>
> All of this has been working very well for us for several months.  As a 
> matter of fact, we get several thousand transactions through the web services 
> all day long.
>
> Here's the issue part:  we have one vendor who recently installed a firewall 
> (it's unknown what kind) and is no longer able to access our web services.  
> Several dozen other companies are all still functioning just fine.
>
> I have been asked to troubleshoot this on our end (yes I know-they changed 
> something and it stopped working-seems to me the issue is on their side).  I 
> know that the issue is at the ISA server because I'm not seeing anything on 
> the web server logs.
>
> Is there a way to see a log of all connections to a specific published site?  
> I know that I can use the web logs to see all of our successful connections 
> to the published site, but it is not logging the rest of the connections.  
> I'm hesitant to turn on full logging because there would be mountains of data 
> to get through and the performance hit might be a bit much.
>
> Does anyone have any suggestions about how I could get more information about 
> what is failing, or how I could turn on logging for a specific published site?
>
> Thank you in advance!
>
> Michael Saul
>
>
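
Added example, not part of the original thread: one way to pull only the failed requests for a single published site out of an exported web proxy log, so the whole log does not have to be read by hand. It assumes a tab-delimited W3C extended log whose `#Fields:` line includes `c-ip`, `cs-uri` and `sc-status`; the sample lines, host names and the rule "anything outside 2xx/3xx is a failure" are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlparse

# Constructed sample (tab-delimited W3C extended format); not from a real log.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: c-ip\tdate\ttime\tcs-uri\tsc-status",
    "192.0.2.10\t2005-11-28\t18:40:01\thttps://services.example.com/api.asmx\t200",
    "198.51.100.7\t2005-11-28\t18:40:05\thttps://services.example.com/api.asmx\t403",
    "198.51.100.7\t2005-11-28\t18:41:05\thttps://services.example.com/api.asmx\t403",
    "203.0.113.5\t2005-11-28\t18:41:09\thttps://www.example.com/\t403",
    "192.0.2.10\t2005-11-28\t18:42:00\thttps://services.example.com/api.asmx\t200",
])


def failed_requests(log_text, site_host):
    """Count (client IP, status) pairs for non-2xx/3xx requests to site_host."""
    fields = []
    hits = Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column names come from the log itself, so field order may vary.
            fields = line[len("#Fields:"):].split()
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # skip truncated or malformed records
        row = dict(zip(fields, values))
        host = urlparse(row.get("cs-uri", "")).hostname or ""
        if host.lower() != site_host.lower():
            continue  # a different published site
        status = row.get("sc-status", "")
        if status.isdigit() and 200 <= int(status) < 400:
            continue  # successful or redirected request
        hits[(row.get("c-ip", "-"), status)] += 1
    return hits


if __name__ == "__main__":
    for (client, status), count in failed_requests(
            SAMPLE_LOG, "services.example.com").most_common():
        print(f"{client}\t{status}\t{count}")
```

If the vendor's address never shows up in the result or anywhere else in the proxy log, the connection is not reaching the web proxy listener at all.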
