Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Isa 2006 logging

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Isa 2006 logging Page: [1]
Login
Message << Older Topic   Newer Topic >>
Isa 2006 logging - 22.Nov.2007 7:33:38 PM   
jcolston

 

Posts: 3
Joined: 22.Nov.2007
Status: offline 		I have got logging setup to a remote SQL database rather than to local files or MSDE.

We moved to this solution as it places less over head on the ISA severs resources. this is working out well except....

To avoid logging info that is not needed i have gone into edit the log settings and unticked all the fields which I have deamed uneccesary.
problem: these changes have not filtered through to the logs so that when i run a query all the fields which i have unchecked are still showing up. Do these changes require a restart of the firewall service or am i missing something?

problem2: within the firewall policies we have a few policies which I am not interested in capturing logs for. Within the specified  firewall rule properties I have unchecked the box "log request mathcing this rule". After i have done this i ran a query and again my changes have not been realised and there are still logs matching the rules which i have turned off logging.

any help appreciated 
Post #: 1
RE: Isa 2006 logging - 23.Nov.2007 7:33:55 PM   
Jason Jones

 

Posts: 2154
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		I think you need to restart the firewall service for these types of changes...

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to jcolston)
Post #: 2
RE: Isa 2006 logging - 26.Nov.2007 7:54:52 PM   
jcolston

 

Posts: 3
Joined: 22.Nov.2007
Status: offline 		HI there

I did the restart of both ISA servers on the weekend and the changes i wanted to be realised still are not.

-it is still logging "intra array" communication which i thought i turned off.
-it is still logging other firewall rules which i have turned logging off for.
-the fields I have unchecked because i dont want them included in the logs are still being logged.

this is very strange as it seems like such a simple process however ISA is ignoring these changes.

(in reply to Jason Jones)
Post #: 3
RE: Isa 2006 logging - 26.Dec.2007 5:09:31 PM   
fwayne

 

Posts: 3
Joined: 7.Dec.2007
Status: offline 		ISA 2006 firewall logging is broken.

Web Proxy logging works correctly, but firewall logging seems to log an arbitrary rule name. If I have ISA rules set up as follows:

HTTP allow rule 1
HTTP allow rule 2
HTTP allow rule 3
:

the web proxy log shows connections correctly associated with the rule that contains the URLs or domains being accessed. The firewall log will generally (but not always) show "HTTP allow rule 1," even though the URL or domain being accessed is not associated with that rule.

Maybe this is whats happening to your firewall log, except that your disabled rule are being listed even though they are not the ones being applied.

(in reply to jcolston)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Isa 2006 logging Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts