Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
growing server log
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
growing server log - 2.Jun.2004 12:44:00 PM
|
|
|
aro
Posts: 15
Joined: 2.Jun.2004
Status: offline
|
Hi all,
My ISA sever logs keep growing at alarming rate. Is there a way I can control this explosive growth? In addition, any tool available for controlling what is written to the logs.
cheers
|
|
|
|
|
RE: growing server log - 2.Jun.2004 8:06:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi M,
Do you know what type of traffic is generating all these entries?
You can reduce the number of fields that are logged, and you can also choose to not log the results of any rule you choose.
HTH,
Tom
|
|
|
|
|
RE: growing server log - 13.Jun.2004 1:38:00 PM
|
|
|
aro
Posts: 15
Joined: 2.Jun.2004
Status: offline
|
Hi thomas,
I only log 5 items. the server logs many anonymous entries, how can I reduce or prevent this from happening. I discovered this to be one of the errors in ISA proxy loging. In addition, can I prevent request to a particular url from reaching the server.
Regards.
|
|
|
|
|
RE: growing server log - 13.Jun.2004 7:22:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi M,
I would call this a strength of ISA firewall logging, as intruders can't hide their exploits by getting around your log. However, you have complete control over what gets logged and what does not get logged.
You should determine what is causing what you believe to be excessive logging. Could be an exploit taking place right now!
HTH,
Tom
|
|
|
|
|
RE: growing server log - 14.Jun.2004 10:18:00 AM
|
|
|
aro
Posts: 15
Joined: 2.Jun.2004
Status: offline
|
Hi Tom,
the cause of this excessive loging is not clear to me yet, however, the requests are to a particular site. looks more like DoS attack. instead of ISA to log the user name, it logs the users as anonymous.
I want to prevent this request from getting to the ISA server. I have implemented IP filtering, it didn't work.
i also notice that ISA always log 2 anonymous request made by browser for each resounce whenever a user try to autheticate and make request to a site, why is this so?
which of your book treats managing ISA server best in term of administration, scripting issues and troubleshooting attacks.
regards.
|
|
|
|
|
RE: growing server log - 14.Jun.2004 3:05:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Mko,
Your first step is to determine what is causing the excessive logging. What information do you have from the log entries? What is the destination port and address?
Thanks!
Tom
|
|
|
|
|
RE: growing server log - 15.Jun.2004 9:02:00 AM
|
|
|
aro
Posts: 15
Joined: 2.Jun.2004
Status: offline
|
Hi Tom,
I know the destination address but the source changes because it is IPs. though the destination has been blocked, but ISA still logs every requests going to it. I suspect virus on the source computers but I have no control on them. Is there a way to block such request from getting to ISA, or any script to delete such entries from ISA logs?
Thanks.
MK
|
|
|
|
|
RE: growing server log - 15.Jun.2004 5:41:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi MK,
You can turn off logging for the rule that is triggered. However, the solution is to remove the viruses.
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
