[isapros] Re: Logging takes out the firewall service

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 11 Jan 2007 08:47:26 -0800

Can we get detailed errors on exactly what fault is causing the service to
stop?  It should be in the alerts.

Rather than disabling logging, he should just disable "lockdown mode" when
logging encounters and error.

t


On 1/11/07 7:41 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> spoketh
to all:

> Need some ideas for this one. He says he has 2 ISA servers (on SBS) and
> on each one ISA logging causes the firewall service to stop. Here's the
> background.
> 
> "The big picture is this.
> 
> With Logging turned On in ISA, and set to log to an MSDE database, the
> RAM usage goes out of site (I know, it's supposed to use it all, then
> free it up when necessary, but that doesn't happen!), and eventually
> causing the firewall service to stop. Which of course locks up any kind
> of connectivity internally or externally. Sometimes restarting the
> firewall service fixes it, (but only until it crashes again), and
> sometimes we have to reboot the entire box.
> 
> So, temporarily, I've turned off ISA Logging to see what happens. Viola,
> no more troubles!
> 
> Now, this is happening on two different boxes:
> 
> 1.       Dell PowerEdge SC440, Pentium 4 2.80 GHz, with 3GB RAM
> 
> 2.       Generic box from D&H Distributors, Xeon 2.66GHz with 2GB RAM
> 
> Same problem on both boxes. I've turned the ISA logging off on both, and
> it fixed the problem of the firewall crashing."
> 
> 
> "Prior to getting in touch with you, I have verified that the ISA
> instance of MSDE was the one using up RAM, and used a SQL command to
> limit it. While that seemed to limit the ram usage, we were still
> experiencing firewall crashes. Which caused me to change the logging to
> write to a file, rather than the MSDE database. We still had the same
> crashing, and so I turned logging off completely. Things cleared up
> then, and we haven't had a firewall crash since. But that's probably
> been close to a month.
> 
> So at this point, I'm getting back to looking at exactly what was
> causing the crashing. I suppose the next step is for me to turn logging
> back on, set to MSDE, and carefully track what happens.
> 
> Do you have any other suggestions for me?"
> 
> Nope I really don't. The only thing I can think of at this point is
> perhaps his servers are under attack and the reason the firewall goes
> into lockdown is that it runs out of space for storing a massive amount
> of logs. I'm going to ping him back and ask him how many MB's of logs
> he's generating in a day.
> 
> Any ideas I can forward to this guy?
> 
> PS: I hate having to double post this stuff to reach you guys.
> 
> Amy Babinchak
> Harbor Computer Services
> 
> 
> 
> 



Other related posts: