Getting started with Microsoft ISA Server 2006, Part 10: Logging

This entry is part 10 of 12 in the series Getting started with Microsoft ISA Server 2006

Logging

From Part 9: Client Configuration, you learn how to configure a client computer. On this post, I will show how to use logging to observe usage which is a feature on ISA Server 2006 which keeps track any usage on ISA Server 2006. When there is a communication between networks (Internal, External, Localhost, etc.) on the ISA Server, it will generate log. The log shows the log time, source IP address, destination IP address and port, action, rule applied to, etc. You can configure what fields that you want to log. There are three log storage formats supported on ISA Server 2006: MSDE database, SQL database and file.

The benefits of logging:

  • Track usage on certain users, groups.
  • Troubleshoot issues on the ISA Server.
  • Keep as Internet access log. In some countries, it is require to keep the Internet access log in order to comply with the law.

Step-by-step

Logging Configuration

Actually, there is no need to configure logging on ISA Server 2006 because the configuration works great on default settings already.

  1. Open Logging by expand Arrays -> BKKISA001 -> Monitoring. Click on Logging tab.
    ISA Server Logging
  2. To configure firewall logging, select Tasks -> Configure Firewall Logging.
    Note: You also can configure web proxy logging by click on Configure Web Proxy Logging. The configuration is the same as firewall logging so I will not repeat it.
    Configure Firewall Logging
  3. On Firewall Logging Properties, you can choose to keep log on MSDE, SQL Server or a file. The default configuration is MSDE database and the default location is C:\Program Files\Microsoft ISA Server\ISALogs. Let’s click on Options next to MSDE database to see what can be configured for MSDE database.
    Firewall Logging Properties
  4. On Options, you see that you can change location to store the log files and the log file storage limitation. You can limit the size of log files, maintain disk space by deleting the older log files or discard new entries and whether you want to delete log files after period of time.
    Log MSDE Database Options
  5. Back to Firewall Logging Properties, there is another tab, Fields. Here you can customize which fields you want to keep or discard on log files. Normally, you don’t have to modify these configuration. It works perfect by default.
    Log Fields

Observe Logging

  1. On Logging, click on Start Query.
    Start Query
  2. Generate some traffic by access the Internet on the client computer. Open web browser and browse to www.google.com.
    Access the Internet
  3. Now you see some logs on the ISA Server 2006.
    Logging on ISA Server 2006
  4. You can filter logging on ISA Server 2006 by click on Edit Filter.
    Open Edit Filter
  5. On Edit Filter, modify columns and conditions as you want. Then, click Start Query.
    Edit Filter
  6. This is an example of the filtered logs on ISA Server 2006.
    The Filtered Result

What’s Next?

Now you learn how to observe logging on ISA Server 2006. It is a useful feature which allow you to troubleshoot issues most of the time. Next, I will show more advance topic, HTTP filtering.

Series Navigation<< Getting started with Microsoft ISA Server 2006, Part 9: Client ConfigurationGetting started with Microsoft ISA Server 2006, Part 11: HTTP Filtering >>

4 Comments

  1. CARLYLE February 16, 2010
  2. ali May 2, 2010
  3. John August 13, 2010

Leave a Reply