[isapros] Logging takes out the firewall service

• From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• To: <isapros@xxxxxxxxxxxxx>
• Date: Thu, 11 Jan 2007 10:41:24 -0500

Need some ideas for this one. He says he has 2 ISA servers (on SBS) and
on each one ISA logging causes the firewall service to stop. Here's the
background.

"The big picture is this. 

With Logging turned On in ISA, and set to log to an MSDE database, the
RAM usage goes out of site (I know, it's supposed to use it all, then
free it up when necessary, but that doesn't happen!), and eventually
causing the firewall service to stop. Which of course locks up any kind
of connectivity internally or externally. Sometimes restarting the
firewall service fixes it, (but only until it crashes again), and
sometimes we have to reboot the entire box. 

So, temporarily, I've turned off ISA Logging to see what happens. Viola,
no more troubles! 

Now, this is happening on two different boxes: 

1.       Dell PowerEdge SC440, Pentium 4 2.80 GHz, with 3GB RAM

2.       Generic box from D&H Distributors, Xeon 2.66GHz with 2GB RAM 

Same problem on both boxes. I've turned the ISA logging off on both, and
it fixed the problem of the firewall crashing."


"Prior to getting in touch with you, I have verified that the ISA
instance of MSDE was the one using up RAM, and used a SQL command to
limit it. While that seemed to limit the ram usage, we were still
experiencing firewall crashes. Which caused me to change the logging to
write to a file, rather than the MSDE database. We still had the same
crashing, and so I turned logging off completely. Things cleared up
then, and we haven't had a firewall crash since. But that's probably
been close to a month. 

So at this point, I'm getting back to looking at exactly what was
causing the crashing. I suppose the next step is for me to turn logging
back on, set to MSDE, and carefully track what happens. 

Do you have any other suggestions for me?"

Nope I really don't. The only thing I can think of at this point is
perhaps his servers are under attack and the reason the firewall goes
into lockdown is that it runs out of space for storing a massive amount
of logs. I'm going to ping him back and ask him how many MB's of logs
he's generating in a day. 

Any ideas I can forward to this guy?  

PS: I hate having to double post this stuff to reach you guys.

Amy Babinchak
Harbor Computer Services

• Follow-Ups:
  • [isapros] Re: Logging takes out the firewall service
    • From: Ara Avvali

• References:
  • [isapros] Re: Publishing Longhorn TS Gateway with ISA Server 2006
    • From: Jim Harrison

Other related posts:

• » [isapros] Logging takes out the firewall service
• » [isapros] Re: Logging takes out the firewall service
• » [isapros] Re: Logging takes out the firewall service

1. Home
2. isapros
3. Archive
4. 01-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---