I have installed ISAS 2004 SP2 on Windows Server 2003 R2 and am thinking about managing the logs when they populate a lot of space on the system partition. Can I possibly archive their content so that it will reduce file size?
You can, but it's easier to do so if you log to text logs instead of to MSDE. The text log files can then be copied off the firewall, compressed, and stored indefinitely. You can compress the data with NTFS compression, zip, or gzip; you can get free Windows gzip/gunzip tools from http://unxutils.sourceforge.net. The W3C logs are easy to import into other databases and easy to search with SQL tools like the free Microsoft Log Parser (http://www.LogParser.com). Finally, logging to text files requires about 10% less CPU overhead than logging to MSDE and you don't have to worry about memory leaks; on the other hand, you lose the ability to do historical queries in the ISA management console.
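The archive step described above (copy the text logs off the firewall, compress them, keep them indefinitely), as an added Python example that is not part of the original thread: it gzips W3C logs older than a cutoff and deletes each original only after the compressed copy verifies. The `ISALOG_yyyymmdd_FWS|WEB_nnn.w3c` file-name pattern, the directory arguments and the 7-day default are assumptions; adjust them to your own log folder.

```python
import gzip
import hashlib
import re
import shutil
from datetime import date, datetime
from pathlib import Path

# Assumed ISA 2004 text-log naming: ISALOG_yyyymmdd_FWS_nnn.w3c / ISALOG_yyyymmdd_WEB_nnn.w3c
LOG_NAME = re.compile(r"^ISALOG_(\d{8})_(FWS|WEB)_\d{3}\.w3c$", re.IGNORECASE)


def sha256_of(stream):
    """Hash a binary stream in chunks so large logs are not read into memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        digest.update(chunk)
    return digest.hexdigest()


def archive_old_logs(log_dir, archive_dir, min_age_days=7, today=None):
    """Gzip logs older than min_age_days into archive_dir; return archived paths."""
    today = today or date.today()
    archive_dir = Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    archived = []
    for src in sorted(Path(log_dir).iterdir()):
        match = LOG_NAME.match(src.name)
        if not match:
            continue  # not a log file we recognise; leave it alone
        try:
            log_date = datetime.strptime(match.group(1), "%Y%m%d").date()
        except ValueError:
            continue  # eight digits that are not a real date
        if (today - log_date).days < min_age_days:
            continue  # recent, possibly still held open by the logging service
        dst = archive_dir / (src.name + ".gz")
        with src.open("rb") as fin, gzip.open(dst, "wb") as fout:
            shutil.copyfileobj(fin, fout)
        # Verify the archive decompresses to the same bytes before deleting.
        with src.open("rb") as fin, gzip.open(dst, "rb") as fz:
            intact = sha256_of(fin) == sha256_of(fz)
        if not intact:
            dst.unlink()
            raise OSError(f"archive verification failed for {src.name}")
        src.unlink()
        archived.append(dst)
    return archived
```

Pointing `archive_dir` at a volume other than the system partition keeps the archive from competing with the live logs for space.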
Thanks for the reply. Does it mean that it is much better to use a text log file instead of a database log file? Actually, I am a previous user of ISAS2000 using text log files for firewall and web proxy logs, but ISAS2004 has a historical queries feature, which is very helpful for searching activities of the system.
What does isaserver.org recommend on activity logging?
> Does it mean that it is much better to use a text log file instead of database logfile?
Well, "better" is relative to what you want to accomplish, so, for example, if you really like the historical query GUI, then MSDE logging is better despite the slight performance impact. I personally prefer text logs since they're easier to manipulate with scripts and command-line tools, but it's a very debatable issue.
> what does isaserver.org recommend on activity logging?
I don't work here, I'm just a vagrant -- that's a question for Tom! :-)
File logging will give you the best performance of all logging options, but you lose features like searching historical data in the ISA MMC as mentioned by J.F. You can still control max logging size and age though.
MSDE is often the best solution for simplicity and gives more control of info in the ISA MMC including historic monitoring/reporting. ISA can also automatically manage the size and age of content in the MSDE database. The MSDE instance included with ISA cannot be accessed "off-box" though.
SQL logging tends to be best when you want centralised, "off-box" log storage/reporting and need to use SQL queries or SQL Reporting Services to look at log content.