Linglom's blog

This article is one of the series of Getting started with Microsoft ISA Server 2006. You can see the index of this series at Getting started with Microsoft ISA Server 2006, Part 1: Introduction.

Logging

From Part 9: Client Configuration, you learn how to configure a client computer. On this post, I will show how to use logging to observe usage which is a feature on ISA Server 2006 which keeps track any usage on ISA Server 2006.

When there is a communication between networks (Internal, External, Localhost, etc.) on the ISA Server, it will generate log. The log shows the log time, source IP address, destination IP address and port, action, rule applied to, etc. You can configure what fields that you want to log. There are three log storage formats supported on ISA Server 2006: MSDE database, SQL database and file.

The benefits of logging:

• Track usage on certain users, groups.
• Troubleshoot issues on the ISA Server.
• Keep as Internet access log. In some countries, it is require to keep the Internet access log in order to comply with the law.

Step-by-step

Logging Configuration

Actually, there is no need to configure logging on ISA Server 2006 because the configuration works great on default settings already.

1. Open Logging by expand Arrays -> BKKISA001 -> Monitoring. Click on Logging tab.
   
2. To configure firewall logging, select Tasks -> Configure Firewall Logging.
   Note: You also can configure web proxy logging by click on Configure Web Proxy Logging. The configuration is the same as firewall logging so I will not repeat it.
   
3. On Firewall Logging Properties, you can choose to keep log on MSDE, SQL Server or a file. The default configuration is MSDE database and the default location is C:\Program Files\Microsoft ISA Server\ISALogs. Let’s click on Options next to MSDE database to see what can be configured for MSDE database.
   
4. On Options, you see that you can change location to store the log files and the log file storage limitation. You can limit the size of log files, maintain disk space by deleting the older log files or discard new entries and whether you want to delete log files after period of time.
   
5. Back to Firewall Logging Properties, there is another tab, Fields. Here you can customize which fields you want to keep or discard on log files. Normally, you don’t have to modify these configuration. It works perfect by default.
   

Observe Logging

1. On Logging, click on Start Query.
   
2. Generate some traffic by access the Internet on the client computer. Open web browser and browse to www.google.com.
   
3. Now you see some logs on the ISA Server 2006.
   
4. You can filter logging on ISA Server 2006 by click on Edit Filter.
   
5. On Edit Filter, modify columns and conditions as you want. Then, click Start Query.
   
6. This is an example of the filtered logs on ISA Server 2006.
   

What’s Next?

Now you learn how to observe logging on ISA Server 2006. It is a useful feature which allow you to troubleshoot issues most of the time. Next, I will show more advance topic, HTTP filtering. See Part 11: HTTP Filtering.