• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Monitoring Logging

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Monitoring Logging Page: [1]
Login
Message << Older Topic   Newer Topic >>
Monitoring Logging - 25.Aug.2009 10:45:20 AM   
diek

 

Posts: 4
Joined: 25.Aug.2009
Status: offline
When using ISA 2004 Monitoring Logging to trace data going through the ISA Server I see only data going from internal to external. There is no external to internal data displayed. This used to work and with no upgrades or changes that I know of it has started to do this. I use this a lot and can not figure out what I did to display the internal to external data only. Has anyone ever seen this happen?

Thanks
Ken
Post #: 1
RE: Monitoring Logging - 25.Aug.2009 1:49:00 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

have you tried to create a filter from source network equals External to see if anything is logged?

Do you have any access rule configured to not log requests on ISA firewall?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to diek)
Post #: 2
RE: Monitoring Logging - 25.Aug.2009 10:35:16 PM   
diek

 

Posts: 4
Joined: 25.Aug.2009
Status: offline
When I created a filter to display the data when the Source Nnetwork equals External it logs it only when the destination port equals 443 (https). I can not find an access rule configured to not log request on ISA firewall. The rule that displays when the external data destination port is 443 is a OWA Publishing rule. This publishing rule allows protocal port 443 access to our Exchange server. My Last Default Rule is deny all traffic from All Networks (and local host) to All Networks (and local host).

Thanks for your reply to my problem
Ken   

(in reply to paulo.oliveira)
Post #: 3
RE: Monitoring Logging - 27.Aug.2009 3:22:29 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

have you tried to do a port scan against your ISA server?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to diek)
Post #: 4
RE: Monitoring Logging - 28.Aug.2009 2:38:32 PM   
diek

 

Posts: 4
Joined: 25.Aug.2009
Status: offline
How do I do a port scan against the ISA server?
What will that tell me? 

(in reply to paulo.oliveira)
Post #: 5
RE: Monitoring Logging - 28.Aug.2009 2:42:29 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

thre´s a bunch of sites on the internet that does it.

This way you can monitor ISA logs while scanning for open ports and check if something is been logging on ISA.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to diek)
Post #: 6
RE: Monitoring Logging - 31.Aug.2009 8:45:31 PM   
diek

 

Posts: 4
Joined: 25.Aug.2009
Status: offline
I downloaded a port scan program and ran it on the ISA server but I don't understand what this is suppose tell me while I am monitoring the ISA log?

(in reply to paulo.oliveira)
Post #: 7
RE: Monitoring Logging - 10.Sep.2009 12:05:03 PM   
kdiekemper

 

Posts: 54
Joined: 26.Sep.2005
Status: offline
I am haveing the same problem and have determined that when I set a filter with source network equals external I can see external traffic comming in from rules that allow external traffic in such as smpt for emails comming into our Exchange email server only. When this filter is not set I can only see traffic generated by internal users as source network internal and it does not show the external traffic response to a internal request out that is shown.

Filters I have set are
Log time is live
Log Record Type equals Firewall and Proxy

I use this quite often in trouble shooting by putting in a filter for the client IP that is trying to get out and is blocked. to find out what needs to be opened to allow them to access to the external destination network. I can not figure out what I have changed to cause this to stop working.

Thanks
Ken

(in reply to diek)
Post #: 8
RE: Monitoring Logging - 10.Sep.2009 7:18:26 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
The default filters should also include:

Action => Not Equal To => Connection Status

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to kdiekemper)
Post #: 9
RE: Monitoring Logging - 11.Sep.2009 9:02:19 AM   
kdiekemper

 

Posts: 54
Joined: 26.Sep.2005
Status: offline
I thought you had it there when I saw your response but it did not fix the problem.
I even reset the server because I had not done that since this problem had started and they did help either. Thanks for the info and I'll keep looking and hope someone else may have a idea.

(in reply to Jason Jones)
Post #: 10
RE: Monitoring Logging - 30.Sep.2009 11:59:17 AM   
kdiekemper

 

Posts: 54
Joined: 26.Sep.2005
Status: offline
Monitoring Logging still only shows my internal client http reqquest out data only.
Am I wrong in thinking that I should see response data coming in.that  is a response to the http request I saw going out?

I can see request smpt data comming into my email server but I do not see the smpt response data going out from it.

I also have log date and log time enabled to be displayed and it doesn't display any more and I used to get it because I have printouts I saved that show that it used to be there.

Thanks,
Ken

< Message edited by kdiekemper -- 30.Sep.2009 12:01:22 PM >

(in reply to kdiekemper)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Monitoring Logging Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts