I found configuring ODBC logging a bit tricky and not as intuitive as the Help files indicate it will be. If you have problems, such as one of the services failing to start, consider using these techniques:

  • If you use Windows Only authentication and the ISA Server services start under the Local System account, create a login on the SQL Server computer named domainname\computername$ and grant that account Database Access to the ISA Log database. Figure 3 shows this configuration.
  • If you intend to use SQL Authentication, ensure that you've configured SQL Server Security for Mixed Mode (Windows Authentication and SQL Server Authentication) and that the DSN and ISA Server SQL user credentials are entered correctly.

After you've successfully logged to the database, you can configure a database client such as Access for rapid front-end access to the data. You'll find it handy to link an Access table to the SQL data source and execute short queries to retrieve data. For example, to retrieve the previous 30 minutes of activity, enter this query:

SELECT *
  FROM dbo_FirewallLog
 WHERE DateValue([logDate]) + TimeValue([logTime]) >= DateAdd("n", -30, Now())
 ORDER BY dbo_FirewallLog.logDate DESC,
          dbo_FirewallLog.logTime DESC;
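
Comparing the day, hour, and minute fields separately and comparing one combined timestamp select different rows when the 30-minute window crosses an hour boundary or when old rows share the same day and month. The following is an added example, not code from the article: it runs both filters over constructed rows in an in-memory SQLite table that stands in for the linked FirewallLog table (text columns, the fixed NOW value, and the function names are assumptions).

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample rows (logDate, logTime); not real ISA Server log data.
ROWS = [
    ("2001-06-14", "09:35:00"),  # 35 min before NOW: outside the window
    ("2001-06-14", "09:45:00"),  # 25 min before NOW, previous hour
    ("2001-06-14", "09:58:00"),  # 12 min before NOW, previous hour
    ("2001-06-14", "10:05:00"),  # 5 min before NOW, current hour
    ("2000-06-14", "10:05:00"),  # same day and month, one year earlier
]
NOW = datetime(2001, 6, 14, 10, 10, 0)  # assumed current time for the demo


def load(rows):
    """Build an in-memory stand-in for the linked FirewallLog table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE FirewallLog (logDate TEXT, logTime TEXT)")
    db.executemany("INSERT INTO FirewallLog VALUES (?, ?)", rows)
    return db


def fieldwise(db, now):
    """Filter by comparing day, month, hour and minute separately."""
    sql = """SELECT logDate, logTime FROM FirewallLog
              WHERE CAST(strftime('%d', logDate) AS INTEGER) = ?
                AND CAST(strftime('%m', logDate) AS INTEGER) = ?
                AND CAST(strftime('%H', logTime) AS INTEGER) > ? - 1
                AND CAST(strftime('%M', logTime) AS INTEGER) > ? - 30
              ORDER BY logDate DESC, logTime DESC"""
    args = (now.day, now.month, now.hour, now.minute)
    return db.execute(sql, args).fetchall()


def window(db, now, minutes=30):
    """Filter on one combined timestamp between now - minutes and now."""
    fmt = "%Y-%m-%d %H:%M:%S"
    start = (now - timedelta(minutes=minutes)).strftime(fmt)
    sql = """SELECT logDate, logTime FROM FirewallLog
              WHERE logDate || ' ' || logTime BETWEEN ? AND ?
              ORDER BY logDate DESC, logTime DESC"""
    return db.execute(sql, (start, now.strftime(fmt))).fetchall()


if __name__ == "__main__":
    db = load(ROWS)
    print("field-wise:", fieldwise(db, NOW))
    print("window:    ", window(db, NOW))
```

At 10:10 the field-wise filter drops the 09:45 and 09:58 rows and admits the year-old row, while the timestamp window returns exactly the three rows from the last 30 minutes.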

When you choose whether to log through ODBC or to a text file, be sure to consider the loading and performance impact on your ISA Server.

ICSA Endorsement: Running with the Big Dogs Takes Its Toll
Independent security laboratory ICSA Labs endorsed ISA Server in February 2001 as a certified firewall under criteria 3.01. Many people consider ICSA Labs to be the main and most objective body for determining the standards for security-related products. Although this certification will likely draw more attention to ISA Server as a true enterprise firewall, ICSA Labs identified logging as an area that needed change. Microsoft provided two hotfixes and a script that alter the default behavior of ISA Server to satisfy the ICSA criteria. You can find these files and script on the ICSA Web site (http://www.icsalabs.com/html/communities/firewalls/certification/vendors/microsoft/index.shtml). Usually, ISA Server applies packet filters only to the external interface.

These changes reconfigure ISA Server Packet Filtering to block and log traffic on the internal interface, dramatically affecting how ISA Server fundamentally operates. Operating ISA Server in this configuration results in substantial drawbacks—in my opinion, almost crippling the product. The configuration disables or severely limits ISA Server functionality, including firewall clients, array functionality, Web proxy listeners, and authentication to domain controllers (DCs). With this patch, you must use SecureNAT, and your ISA server must be a standalone server that isn't a part of a domain.

Reporting for Duty
Through ISA Server's fairly intuitive interface, you can generate reports on a flexible schedule. ISA Server logs generate the reports, which are functional and clearly organized although not as comprehensive as those that third-party providers have developed.

Microsoft's inclusion of autogenerated HTML-based reports is a useful addition to the ISA Server firewall package—especially considering that competitive products cost several thousands of dollars per firewall. The report function uses the ISA Server text log files. (Note that if you change to ODBC logging, ISA Server will continue to generate your scheduled reports, but those reports will be blank or incorrect.)

ISA Server reports can display information for five different time segments—daily, weekly, monthly, yearly, or for a custom period. You can also schedule recurring reports. One drawback is that you can't create a report for the current day and view the report immediately. (If you create a report for today, you must wait until the following day to view it.) However, you can create a report for any previous day's data and view it immediately.

Microsoft categorizes the reports into Summary, Web Usage, Application Usage, Traffic & Utilization, and Security. Figure 4 shows a Web browser-accessed sample report. Because the reports aren't template driven, adding to or changing the appearance or content isn't simple. The reports are fairly basic and offer few extended functions or parsing features such as DNS lookup or protocol name and number translation. If you need more flexible reports, consider a third-party reporting tool such as WebTrends' Firewall Suite, which now includes support for ISA Server reporting on general firewall and outgoing Web access. Such third-party reporting software products highlight aggregating log data and providing more customization options for report presentation.

Need It Realtime?
ISA Server provides realtime reporting for active sessions, current alerts, and running services. These options reside under the Monitoring node of the ISA Management snap-in. ISA Server also installs additional performance counters, as Figure 5 shows. ISA Server includes five performance objects to monitor Bandwidth Control, Cache, Firewall Service, Packet Filter, and Web Proxy Service.

These objects contain the ISA Server performance counters, which offer a gold mine of realtime information about ISA Server's health. Use these built-in tools to monitor ISA Server in realtime or to monitor ISA Server over a period of time to create a baseline, then watch for any performance degradation that load changes or perhaps a maintenance problem might cause.

Also, use the performance counters to determine the remaining capacity of an array member and to help pinpoint input and output bottlenecks. Looking at disk or CPU performance will give an indication of whether you should add more disk space, more processors, or another server to address a bottleneck. For example, if your logs and cache reside on the same disk as your ISA Server installation, use Performance Monitor to identify whether disk throughput affects end users.

Flexible and comprehensive monitoring differentiates great products. ISA Server provides a good suite of monitoring tools and functionality. And with this Microsoft .NET Framework product, Microsoft has left the door open for others to develop what isn't included and improve what is.
