ISA Server provides logging to a file for the Web Proxy Service, Firewall Service, and for packet filters. There are two kinds of text logging formats supported under ISA Server:
- W3C Log File Format – The W3C file format is a standard log file format and is selected as the default option. The W3C format stores data in a text file that contains both data and directives that described the logged fields along with the version and date. The file format is delimiter.
- ISA Server File Format – The ISA Server file format only contains data with no directives. All fields are logged (whether you selected them or not) and unselected fields appear in the log file with a dash to indicate that the field is empty. A comma is used as a delimiter.
Of the two file formats, the W3C file format gives you more information and is easier to view as a simple text file.
By default, all log files are stored in the ISALogs folder found in the Microsoft ISA Server folder. Log files are named in the following format:
- Web Proxy Service – WEBEXTDyyyymmdd.log. For example, a log file created on June 23, 2001 would be named WEBEXTED20010623.log
- Firewall Service – FWSEXTDyyyymmdd.log. For example, a log file created on June 23, 2001 would be named FWSEXTD20010623.log.
- Packet Filters – IPPEXTDyyyymmdd.log. For example, a log file created on June 23, 2001 would be named IPPEXTD20010623.log.
When configuring log files, you also have the option to compress the log files and limit the number that are created for each service (7 by default). Compression helps reduce log file size, but only works if the log files are stored on NTFS volumes.
Amazon.com (April, 2001)
Curt Simmons is also the Author of ‘Microsoft Internet Security and Acceleration Server 2000 Study Guide : Exam 70-227 ( Certification Study Guides)‘
- Click Start | Programs | Microsoft ISA Server | ISA Management.
- Expand the desired array, then expand Monitoring Configuration and select the Logs folder. In the right pane, you see the Packet Filters, ISA Server Firewall Service, and ISA Server Web Proxy Service log file components.
- You can double-click any log file component to access the properties sheets, which are the same for each type of log file. You see a Log and Fields tab. On the Log tab, shown in the following figure, you can use the drop-down menu to select either W3C or ISA Server file format. You can also use the drop-down menu to select when the log will be created, either daily, weekly, monthly, or yearly. You also see the default name of the log file. Make sure the “enable logging for this service” check box is selected at the bottom of the window.
- If you click the Options button, shown in following figure, you can choose to store the log files in the default ISALogs folder, or you can select the Other folder radio button and browse for a location. You also see the Other Options check boxes for log file compression and log file number limits, which you can select if desired. Make any changes and click OK.
- If you click the Fields tab, shown in the following figure, you see the fields that are used in the log. Selected fields are provided while non-selected fields are not provided. You can make changes to this list as desired, and each fields list is specific for each type of log file.
Curt Simmons, MCSE, MCT, CTT, is a technology author and trainer from Dallas. Visit Curt on the Internet at http://curtsimmons.hypermart.net.