Relocating ISA logs? (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting



Message


grinn253 -> Relocating ISA logs? (26.Aug.2004 1:50:00 AM)

Hello,

What i thought would be simple is turning out to be a little more difficult.

I'd like to change where ISA stores the MSDE logs from the installation folder to:

d:\ISALogs\Firewall
d:\ISALogs\Webproxy

After the move however ISA FW Service doesn't start indicating:
quote:
Microsoft Firewall failed to start. The failure occurred during Creation of logging module because the configuration property msFPCLogFileDirectory of key SOFTWARE\Microsoft\Fpc\Storage\Array-Root\Arrays\{7B4A6B36-554B-4F38-A003-14901C00D6FA}\Logs\Proxy-WSP is not valid. Use the source location 5.798.4.0.2161.50 to report the failure. The error description is: The filename, directory name, or volume label syntax is incorrect. The failure is due to error: The filename, directory name, or volume label syntax is incorrect.
Firewall Service failed to initialize. Previous event log entries might help determine the proper action.

Which appears to be an event # 11002. Following the registry path reveals a correct location.

When i move the location of logs back to default folder, ISA starts up nicely. Are there certain NTFS permissions that need to be on the destination folder? FWIW, I also removed 'everyone' 'users' 'creator owner' from the root of drive D: and C:

Currently it appears when i add "creator owner' to the destination folder it sporadically works.

Thank you to all in advance.
Edgardo




tshinder -> RE: Relocating ISA logs? (26.Aug.2004 3:42:00 PM)

Hi Edgardo,

Try mirroring the NTFS permissions from the original folder to the destination folder.

HTH,
Tom




grinn253 -> RE: Relocating ISA logs? (26.Aug.2004 7:40:00 PM)

quote:
Originally posted by tshinder:
...Try mirroring the NTFS permissions from the original folder to the destination folder...

Destination folder permissions are the same. After reformatting (good time to test the backup/restore of .xml) I was able to move the logs into the "d" drive. After removing 'everyone,' 'users,' 'creator owner' from root of 'd' drive, isa wouldn't start up again.
Adding those groups back to the root, and isa starts up. I was able to narrow the required list and remove 'users,' and 'creator owner.' taking 'everyone' away from root of 'd' drive irritates isa. [Smile]

Not liking the 'everyone' group on the 'd' drive, i replaced them with, 'authenticated users,' which seems to work. Not liking 'authenticated users' on the root, i placed them on "D:\isalogs" but that didn't work.

So currently it appears the root of d: drive needs 'authenticated users' to have read access. However this isn't the case with the C: drive, so [Confused]

Thanks,
Edgardo

edit: I am able to take away 'authenticated users' from root now, and put 'network service' with read/execute on root instead which appears okay for now.

[ August 26, 2004, 07:51 PM: Message edited by: grinn253 ]




tshinder -> RE: Relocating ISA logs? (28.Aug.2004 9:22:00 PM)

Hi Edgardo,

Yes, the ISA firewall services run in the context of the Network Service account.

Good to hear you got it working and thanks for the follow up!

Tom




Page: [1]