Monitoring Logging (Full Version)



diek -> Monitoring Logging (25.Aug.2009 10:45:20 AM)

When using ISA 2004 Monitoring Logging to trace data going through the ISA Server, I see only data going from internal to external. There is no external to internal data displayed. This used to work, and with no upgrades or changes that I know of, it has started to do this. I use this a lot and cannot figure out what I did to display the internal to external data only. Has anyone ever seen this happen?


paulo.oliveira -> RE: Monitoring Logging (25.Aug.2009 1:49:00 PM)


Have you tried to create a filter from source network equals External to see if anything is logged?

Do you have any access rule configured to not log requests on ISA firewall?

Paulo Oliveira.

diek -> RE: Monitoring Logging (25.Aug.2009 10:35:16 PM)

When I created a filter to display the data when the Source Network equals External, it logs it only when the destination port equals 443 (https). I cannot find an access rule configured to not log requests on ISA firewall. The rule that displays when the external data destination port is 443 is an OWA Publishing rule. This publishing rule allows protocol port 443 access to our Exchange server. My Last Default Rule is deny all traffic from All Networks (and local host) to All Networks (and local host).

Thanks for your reply to my problem.

paulo.oliveira -> RE: Monitoring Logging (27.Aug.2009 3:22:29 PM)


Have you tried to do a port scan against your ISA server?

Paulo Oliveira.

diek -> RE: Monitoring Logging (28.Aug.2009 2:38:32 PM)

How do I do a port scan against the ISA server?
What will that tell me? 

paulo.oliveira -> RE: Monitoring Logging (28.Aug.2009 2:42:29 PM)


There's a bunch of sites on the internet that do it.

This way you can monitor ISA logs while scanning for open ports and check if something is being logged on ISA.

Paulo Oliveira.

diek -> RE: Monitoring Logging (31.Aug.2009 8:45:31 PM)

I downloaded a port scan program and ran it on the ISA server, but I don't understand what this is supposed to tell me while I am monitoring the ISA log?

kdiekemper -> RE: Monitoring Logging (10.Sep.2009 12:05:03 PM)

I am having the same problem and have determined that when I set a filter with source network equals external, I can see external traffic coming in from rules that allow external traffic in, such as SMTP for emails coming into our Exchange email server only. When this filter is not set, I can only see traffic generated by internal users as source network internal, and it does not show the external traffic response to an internal request out that is shown.

Filters I have set are
Log time is live
Log Record Type equals Firewall and Proxy

I use this quite often in troubleshooting by putting in a filter for the client IP that is trying to get out and is blocked, to find out what needs to be opened to allow them access to the external destination network. I cannot figure out what I have changed to cause this to stop working.


Jason Jones -> RE: Monitoring Logging (10.Sep.2009 7:18:26 PM)

The default filters should also include:

Action => Not Equal To => Connection Status



kdiekemper -> RE: Monitoring Logging (11.Sep.2009 9:02:19 AM)

I thought you had it there when I saw your response, but it did not fix the problem.
I even reset the server because I had not done that since this problem had started, and that did not help either. Thanks for the info, and I'll keep looking and hope someone else may have an idea.

kdiekemper -> RE: Monitoring Logging (30.Sep.2009 11:59:17 AM)

Monitoring Logging still only shows my internal client http request out data only.
Am I wrong in thinking that I should see response data coming in that is a response to the http request I saw going out?

I can see request SMTP data coming into my email server, but I do not see the SMTP response data going out from it.

I also have log date and log time enabled to be displayed and it doesn't display any more and I used to get it because I have printouts I saved that show that it used to be there.

