• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Log records from a machine that is off.

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Log records from a machine that is off. Page: [1]
Login
Message << Older Topic   Newer Topic >>
Log records from a machine that is off. - 23.Jan.2008 4:45:23 PM   
bobh

 

Posts: 3
Joined: 23.Jan.2008
Status: offline
Hi folks, having a small issue that I can't figure out.

I am running monitoring with a filter of "Firewall or web proxy"
and
logtime = live.
no other filters.

I am seeing log records with a protocol of "Unidentified IP Traffic"
from an internal machine

After not recognizing the ports in use, I ran netmon on that client machine, but saw no ports or IPs that matched the log record.

I then installed netmon on the ISA box, and still no trace of the records.

Just to be sure, I then turned OFF the machine, over 10 minutes ago.

The live log is still showing  entries from the machine that is turned off.  I can no longer ping the source machine, and I don't have a duplicate IP on the network someplace.

Anyone ever see this phantom logging?

Is ISA 2006 fully cooked yet?  Or should I go back to 2004?

Any thoughts would be appreciated.
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Log records from a machine that is off. Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts