Configuring Microsoft ISA Server
Firewall Analyzer supports Microsoft Internet Security and Acceleration
(ISA) Server 2000,2004, & 2006.
|
Supported ISA Log Formats in Firewall Analyzer:
Firewall Analyzer supports W3C extended log file format
for Packet filters, ISA Server Firewall Service, and
ISA Server Web Proxy Service. ISA Server File log
format is supported for ISA Server Web Proxy Service
only. |
Configuring Microsoft ISA Server
- Open the "ISA Management" console.
- Select "Monitoring Configuration" from the left-hand side
console tree, and then select the "Logs" folder.
- In the "Logs" folder, right click on each of the listed
component (like Packet filters, ISA Server Firewall Service,
ISA Server Web Proxy Service), select "Properties" and set the log
format to W3C extended log file format.
For more information, refer the Microsoft ISA Server documentation.
Once you have configured the ISA Server, then in Firewall Analyzer you
can Import this log
file.
- You can schedule the import of logs using localhost. You can share the ISA log folder and can map it to network drive of Firewall Analyzer server. Then, you can schedule the local import to import periodically.
In case if you are running Firewall Analyzer as a service, you should ensure that Firewall Analyzer has enough permission to access the file in shared folder.
- If you want Firewall Analyzer to periodically import the ISA
Server logs use FTP import provision in "Remote Host", with
the time interval less than the time interval set in the ISA Server.
|
We recommend Local Import Schedule option over Remote Host FTP Import option. |
Firewall Analyzer handles Dynamic Filename change of ISA Server log files.
|
Micosoft ISA Proxy server creates log file with new name (with time stamp appended) everyday. If the Micosoft ISA Proxy log files are to be imported, you do not have to change the filename daily, instead select the Change filename dynamically option while importing the logs. Selecting the option displays the the Filename pattern: text box to enter the time stamp pattern that the Proxy server appends when the Proxy server creates the log file daily. A help tip icon displays, (when you hover the mouse on the icon) the mapping of the Timestamp in Filename to the Pattern to be given. Enter the pattern as required. |
Configuring Microsoft ISA Server 2004 & 2006
By default Microsoft ISA Server 2004 & 2006 stores log files into MSDE databases (Microsoft SQL Desktop Engine).
Log files options placement in ISA Management Console 2004 & 2006
In order to switch log files format from MSDE to W3C please do the following:
- Run ISA Management Console
- Select Monitoring item on the left pane
- Select Logging tab on the center pane
- Select Tasks tab on the right pane
You will need to change log files format for Firewall and Web proxy. Please choose Configure Firewall Logging and Configure Web Proxy Logging items and perform actions shown below for each.
Log file format settings for Firewall and Web Proxy
Check on File option. In the dropdown list select W3C extended log file format. Enable logging for this service option should be enabled. If you want to change log files location, press Options button, another dialog will appear where you can change the log files path, Compress log files and Delete log files older than should remain disabled. Select Fields tab and check that all necessary fields are enabled. Please see table below for the list of necessary fields.
Necessary Fields
Firewall log files |
Web proxy log files |
Log Date
Log Time
Transport
Client IP and port
Destination IP and port
Action
Protocol
Bytes sent
Bytes sent Delta
Bytes recevied
Bytes recevied Delta
Client Username
Client Agent |
Client IP
Client Username
Client Agent
Log Date
Log Time
Bytes Recevied
Bytes Sent
Protocol
URL
Object source
HTTP Status Code |
ProxyInspector work only with log files since access to the log files is significantly faster than access to SQL databases(nevertheless you can import data from existing MSDE databases using Database | Move data from ISA 2004 & 2006 MSDE databases). ProxyInspector supports both W3C and ISA Native log files formats. Recommended format is W3C.
|