If the connection is blocked by ISA, the web server will never see the traffic and therefore can't log it. Check the ISA web proxy logs for denials for that site. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Michael Saul [mailto:michael.saul@xxxxxxxxx] Sent: Monday, November 28, 2005 11:32 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Selective Logging on ISA 2000 http://www.ISAserver.org I haven't disabled logging, but in the logs, I'm only seeing the successful connections, not anything that has failed. For example, if a client tries to connect to the server specified in the rule, and isn't listed in one of the specified client address sets, he is given a connection refused error. When I look in the web logs on either server, I don't see any attempt made, it is never logged. What I would like to do is see all connections to a specific web rule. Does that make more sense? On 11/28/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > http://www.ISAserver.org > > I'm not clear - have you disabled logging for this rule? > By default, ISA logs all the primary info you need to evaluate the traffic > passed by the rules. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Michael Saul [mailto:michael.saul@xxxxxxxxx] > Sent: Monday, November 28, 2005 10:45 > To: [ISAserver.org Discussion List] > Subject: [isalist] Selective Logging on ISA 2000 > > http://www.ISAserver.org > > Hi all, > > Long time reader, first time poster. I have a question about creating a > selective log file with ISA 2000 Enterprise. > > We are currently using a two server array as a perimeter firewall. We are > publishing several websites using the standard publishing, with NLB on the > outside. > > One of the web sites that we are publishing is a standard .NET web service. > We are using bridged SSL along with specific address sets to filter access. > > All of this has been working very well for us for several months. As a > matter of fact, we get several thousand transactions through the web services > all day long. > > Here's the issue part: we have one vendor who recently installed a firewall > (it's unknown what kind) and is no longer able to to access our web services. > Several dozen other companies are all still functioning just fine. > > I have been asked to troubleshoot this on our end (yes I know-they changed > something and it stopped working-seems to me the issue is on their side). I > know that the issue is at the ISA server because I'm not seeing anything on > the web server logs. > > Is there a way to see a log of all connections to a specific published site? > I know that I can use the web logs to see all of our successful connections > to the published site, but it is not logging the rest of the connections. > I'm hesitant to turn on full logging because there would be mountains of data > to get through and the performance hit might be a bit much. > > Does anyone have any suggestions about how I could get more information about > what is failing, or how I could turn on logging for a specific published site? > > Thank you in advance! > > Michael Saul > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > michael.saul@xxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.