Interpreting ISA 2004 reports (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting


Quitch -> Interpreting ISA 2004 reports (10.Aug.2009 8:22:43 AM)

So I'm trying to pull useful information from ISA 2004, but thus far either the documentation is lacking or my search skills are as I can't find some information on what certain terms or graphs actually represent. To take my top issues:
  1. Why are so many object types unknown (it's always the top type)? I've seen a number of logs where the remote server is ignoring the formats which ISA can handle, but I don't know if this is related.
  2. How extensive is ISAs browser knowledge? Should I take unknowns to be the limited number of Firefox 3-3.5 installs, or is it more likely automated downloads via tools like WSUS?
  3. How does ISA determine the client operating system?
  4. What is the difference between web and application traffic?
  5. Why can top destinations have traffic amounts far in excess of top websites? I have one destination registering at 8GB (by IP, but I know the URL it will be), yet it's not represented on the top website list at all.
Hopefully you can help so I can make better use of these reports. At the moment I'm not sure how to interpret some of the figures.

Page: [1]