Creating and Configuring ISA Server 2004 Alerts - Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] - نسخه متنی

Thomas W. Shinder; Debra Littlejohn Shinder

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Back Cover Dr. Tom Shinder's Configuring ISA Server 2004 Introduction Acknowledgments About the Authors Technical Editor A Note From the Publisher From Deb and Tom Shinder, Authors Chapter 1: Evolution of a Firewall: From Proxy 1.0 to ISA 2004 The Book: What it Covers and Who It's For It's in the Book: What We Cover This Book's For You: Our Target Audience Security: The New Star of the Show Security: What's Microsoft Got to Do with It? Security: A Policy-Based Approach Security: A Multilayered Approach Firewalls: The Guardians at the Gateway Firewalls: History and Philosophy Firewalls: Understanding the Architecture Firewalls: Features and Functionality Firewalls: Role and Placement on the Network ISA: From Proxy Server to Full-Featured Firewall ISA: A Glint in MS Proxy Server's Eye ISA: A Personal Philosophy Summary Chapter 2: Examining the ISA Server 2004 Feature Set The New GUI: More Than Just a Pretty Interface Examining the Graphical Interface Examining The Management Nodes Teaching Old Features New Tricks Enhanced and Improved Remote Management Enhanced and Improved Firewall Features Enhanced and Improved Virtual Private Networking and Remote Access Enhanced and Improved Web Cache and Web Proxy Enhanced and Improved Monitoring and Reporting Multi-Networking Support New Application Layer Filtering (ALF) Features VPN Quarantine Control Missing in Action: Gone but Not Forgotten Live Media Stream Splitting H.323 Gateway Bandwidth Control Active Caching Summary Solutions Fast Track New GUI: More Than Just a Pretty Face Teaching Old Features New Tricks New Features on the Block Missing in Action: Gone But Not Forgotten Frequently Asked Questions Chapter 3: Stalking the Competition: How ISA 2004 Stacks Up Firewall Comparative Issues The Cost of Firewall Operations Specifications and Features Comparing ISA 2004 to Other Firewall Products ISA Server 2004 Comparative Points Comparing ISA 2004 to Check Point Comparing ISA 2004 to Cisco PIX Comparing ISA 2004 to NetScreen Comparing ISA 2004 to SonicWall Comparing ISA 2004 to WatchGuard Comparing ISA 2004 to Symantec Enterprise Firewall Comparing ISA 2004 to Blue Coat SG Comparing ISA 2004 to Open Source Firewalls Summary Comparing Architecture Comparing Functionality Comparing Cost Solutions Fast Track Firewall Comparative Issues Comparing ISA 2004 to Other Firewall Products Frequently Asked Questions Chapter 4: ISA 2004 Network Concepts and Preparing the Network Infrastructure Our Approach to ISA Firewall Network Design and Defense Tactics Defense in Depth ISA Firewall Fallacies Software Firewalls are Inherently Weak You Can't Trust Any Service Running on the Windows Operating System to be Secure ISA Firewalls Make Good Proxy Servers, but I Need a 'Real Firewall' to Protect My Network ISA Firewalls Run on an Intel Hardware Platform, and Firewalls Should Have 'No Moving Parts' 'I Have a Firewall and an ISA Server' Why ISA Belongs in Front of Critical Assets A Better Network and Firewall Topology Tom and Deb Shinder's Configuring ISA 2004 Network Layout Creating the ISALOCAL Virtual Machine How ISA Firewall’s Define Networks and Network Relationships ISA 2004 Multinetworking The ISA Firewall’s Default Networks Creating New Networks Controlling Routing Behavior with Network Rules The ISA 2004 Network Objects ISA Firewall Network Templates Dynamic Address Assignment on the ISA Firewall’s External Interface Dial-up Connection Support for ISA firewalls, Including VPN Connections to the ISP “Network Behind a Network” Scenarios (Advanced ISA Firewall Configuration) Web Proxy Chaining as a Form of Network Routing Firewall Chaining as a Form of Network Routing Configuring the ISA Firewall as a DHCP Server Summary Solutions Fast Track Our Approach to the ISA Firewall Network Design and Defense Tactics Tom and Deb Shinder's Configuring ISA 2004 Network Layout How ISA Firewalls Define Networks and Network Relationships Frequently Asked Questions Chapter 5: ISA 2004 Client Types and Automating Client Provisioning Understanding ISA 2004 Client Types Understanding theISA 2004 SecureNAT Client Name Resolution for SecureNAT Clients Name Resolution and 'Looping Back' Through the ISA 2004 Firewall Understanding the ISA 2004 Firewall Client ISA 2004 Web Proxy Client ISA 2004 Multiple Client Type Configuration Deciding on an ISA 2004 Client Type Automating ISA 2004 Client Provisioning Configuring DHCP Servers to Support Web Proxy and Firewall Client Autodiscovery Configuring DNS Servers to Support Web Proxy and Firewall Client Autodiscovery Special Considerations for VPN Clients Automating Installation of the Firewall Client Configuring Firewall Client and Web Proxy Client Configuration in the ISA Management Console Group Policy Software Installation Silent Installation Script Systems Management Server (SMS) Summary Solutions Fast Track Understanding the ISA 2004 SecureNAT Client Understanding the ISA 2004 Web Proxy Client Understanding the ISA 2004 Firewall Client Frequently Asked Questions Chapter 6: Installing and Configuring the ISA Firewall Software Pre-installation Tasks and Considerations System Requirements Configuring the Routing Table DNS Server Placement Configuring the ISA Firewall's Network Interfaces Unattended Installation Installation via a Terminal Services Administration Mode Session Performing a Clean Installation on a Multihomed Machine Default Post-installation ISA Firewall Configuration The Post-installation System Policy Performing an Upgrade Installation Performing a Single NIC Installation (Unihomed ISA Firewall) Quick Start Configuration for ISA Firewalls Configuring the ISA Firewall's Network Interfaces Installing and Configuring a DNS Server on the ISA Server Firewall Installing and Configuring a DHCP Server on the ISA Server Firewall Installing and Configuring the ISA Server 2004 Software Configuring the Internal Network Computers Hardening the Base ISA Firewall Configuration and Operating System ISA Firewall Service Dependencies Service Requirements for Common Tasks Performed on the ISA Firewall Client Roles for the ISA Firewall Lockdown Mode Connection Limits DHCP Spoof Attack Prevention Summary Solutions Fast Track Pre-installation considerations Performing a clean installation Default Post-install System Policy and Firewall Configuration Frequently Asked Questions Chapter 7: Creating and Using ISA 2004 Firewall Access Policy Introduction ISA Firewall Access Rule Elements Protocols User Sets Content Types Schedules Network Objects The Rule Action Page The Protocols Page The Access Rule Sources Page The Access Rule Destinations Page The User Sets Page Access Rule Properties The Access Rule Context Menu Options Configuring RPC Policy Configuring FTP Policy Configuring HTTP Policy Ordering and Organizing Access Rules How to Block Logging for Selected Protocols Disabling Automatic Web Proxy Connections for SecureNAT Clients Using Scripts to Populate Domain Name Sets Using the Import Scripts Extending the SSL Tunnel Port Range for Web Access to Alternate SSL Ports Avoiding Looping Back through the ISA Firewall for Internal Resources Anonymous Requests Appear in Log File Even When Authentication is Enforced For Web (HTTP Connections) Blocking MSN Messenger using an Access Rule Allowing Outbound Access to MSN Messenger via Web Proxy Changes to ISA Firewall Policy Only Affects New Connections Configure the Routing Table on the Upstream Router Configure the Network Adaptors Install the ISA Server 2004 Firewall Software Install and Configure the IIS WWW and SMTP Services on the DMZ Server Create the DMZ Network Create the Network Rules Between the DMZ and External Network and for the DMZ and Internal Network Create Server Publishing Rule Allowing DNS from DMZ to Internal Create an Access Rule Allowing DNS from Internal to External Create an Access Rule Allowing DNS from Internal to External Create an Access Rule Allow HTTP from External to DMZ Create an Access Rule Allowing SMTP from External to DMZ Test the Access Rules from External to DMZ Test the DNS Rule from the DMZ to the Internal Network Change the Access Rule Allowing External to DMZ by Disabling the Web Proxy Filter Allowing Intradomain Communications through the ISA Firewall Solutions Fast Track Configuring Access Rules for Outbound Access through the ISA Firewall Using Scripts to Populate Domain Name Sets Creating and Configuring a Public Address Trihomed DMZ Network Frequently Asked Questions Chapter 8: Publishing Network Services with ISA 2004 Firewalls Overview of Web Publishing and Server Publishing Web Publishing Rules Server Publishing Rules The Select Rule Action Page The Define Website to Publish Page The Public Name Details Page The Select Web Listener Page and Creating an HTTP Web Listener The User Sets Page The Web Publishing Rule Properties Dialog Box Creating and Configuring SSL Web Publishing Rules SSL Bridging Importing Web Site Certificates into The ISA Firewall's Machine Certificate Store Requesting a User Certificate for the ISA Firewall to Present to SSL Web Sites Creating an SSL Web Publishing Rule Creating Server Publishing Rules The Server Publishing Rule Properties Dialog Box Server Publishing HTTP Sites Creating Mail Server Publishing Rules The Web Client Access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync Option The Client Access: RPC, IMAP, POP3, SMTP Option Summary Solutions Fast Track Overview of Web Publishing and Server Publishing Creating and Configuring Non-SSL Web Publishing Rules Creating and Configuring SSL Web Publishing Rules Frequently Asked Questions Chapter 9: Creating Remote Access and Site-to-Site VPNs with ISA Firewalls Overview of ISA Firewall VPN Networking Firewall Policy Applied to VPN Client Connections Firewall Policy Applied to VPN Site-to-Site Connections VPN Quarantine User Mapping of VPN Clients SecureNAT Client Support for VPN Connections Site-to-Site VPN Using Tunnel Mode IPSec Publishing PPTP VPN Servers Pre-shared Key Support for IPSec VPN Connections Advanced Name Server Assignment for VPN Clients Monitoring of VPN Client Connections Creating a Remote Access PPTP VPN Server Enable the VPN Server Create an Access Rule Allowing VPN Clients Access to Allowed Resources Enable Dial-in Access Test the PPTP VPN Connection Issue Certificates to the ISA Firewall and VPN Clients Test the L2TP/IPSec VPN Connection Monitor VPN Clients Using a Pre-shared Key for VPN Client Remote Access Connections Creating a PPTP Site-to-Site VPN Create the Remote Site Network at the Main Office Create the Network Rule at the Main Office Create the Access Rules at the Main Office Create the VPN Gateway Dial-in Account at the Main Office Create the Remote Site Network at the Branch Office Create the Network Rule at the Branch Office Create the Access Rules at the Branch Office Create the VPN Gateway Dial-in Account at the Branch Office Activate the Site-to-Site Links Enable the System Policy Rule on the Main Office Firewall to Access the Enterprise CA Request and install a Web Site Certificate for the Main Office Firewall Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link Enable the System Policy Rule on the Branch Office Firewall to Access the Enterprise CA Request and Install a Web Site Certificate for the Branch Office Firewall Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link Activate the L2TP/IPSec Site-to-Site VPN Connection Configuring Pre-shared Keys for Site-to-Site L2TP/IPSec VPN Links IPSec Tunnel Mode Site-to-Site VPNs with Downlevel VPN Gateways Using RADIUS for VPN Authentication and Remote Access Policy Configure the Internet Authentication Services (RADIUS) Server Create a VPN Clients Remote Access Policy Remote Access Permissions and Domain Functional Level Changing the User Account Dial-in Permissions Changing the Domain Functional Level Controlling Remote Access Permission via Remote Access Policy Enable the VPN Server on the ISA Firewall and Configure RADIUS Support Create an Access Rule Allowing VPN Clients Access to Approved Resources Make the Connection from a PPTP VPN Client Using EAP User Certificate Authentication for Remote Access VPNs Configuring the ISA Firewall Software to Support EAP Authentication Enabling User Mapping for EAP Authenticated Users Issuing a User Certificate to the Remote Access VPN Client Machine Supporting Outbound VPN Connections through the ISA Firewall Installing and Configuring the DHCP Server and DHCP Relay Agent on the ISA Firewall Creating a Site-to-Site VPN Between an ISA Server 2000 and ISA Firewall Run the Local VPN Wizard on the ISA Server 2000 firewall Change the Password for the Remote VPN User Account Change the Credentials the ISA Server 2000 Firewall uses for the Demand-dial Connection to the Main Office Change the ISA Server 2000 VPN Gateway's Demand-dial Interface Idle Properties Create a Static Address Pool for VPN Clients and Gateways Run the Remote Site Wizard on the Main Office ISA firewall Create a Network Rule that Defines the Route Relationship Between the Main and Branch Office Create Access Rules Allowing Traffic from the Main Office to the Branch Office Create the User Account for the Remote VPN Router Test the connection A Note on VPN Quarantine Summary Solutions Fast Track Overview of ISA Firewall VPN Networking Creating a Remote Access PPTP VPN Server Creating a Remote Access L2TP/IPSec Server Frequently Asked Questions Chapter 10: ISA 2004 Stateful Inspection and Application Layer Filtering Introduction Application Filters The SMTP Filter and Message Screener The DNS Filter The POP Intrusion Detection Filter The SOCKS V4 Filter The FTP Access Filter The H.323 Filter The MMS Filter The PNM Filter The PPTP Filter The RPC Filter The RTSP Filter Web Filters The HTTP Security Filter (HTTP Filter) The ISA Server Link Translator The Web Proxy Filter The SecurID Filter The OWA Forms-based Authentication Filter The RADIUS Authentication Filter IP Filtering and Intrusion Detection/Intrusion Prevention Common Attacks Detection and Prevention DNS Attacks Detection and Prevention IP Options and IP Fragment Filtering Summary Solutions Fast Track Application Layer Filters Web Filters Intrusion Detection and Prevention Frequently Asked Questions Chapter 11: Accelerating Web Performance with ISA 2004 Caching Capabilities Understanding Caching Concepts Web Caching Types Web Caching Architectures Web Caching Protocols Understanding ISA Server 2004's Web Caching Capabilities Using the Caching Feature Understanding Cache Rules Understanding the Content Download Feature Configuring ISA Server 2004 as a Caching Server Enabling and Configuring Caching How to Configure Caching Properties Creating Cache Rules Configuring Content Downloads Summary Fast Track Frequently Asked Questions Chapter 12: Using ISA Server 2004's Monitoring, Logging, and Reporting Tools Introduction Exploring the ISA Server 2004 Dashboard Dashboard Sections Configuring and Customizing the Dashboard Creating and Configuring ISA Server 2004 Alerts Alert-triggering Events Viewing the Predefined Alerts Creating a New Alert Modifying Alerts Viewing Triggered Alerts Monitoring ISA Server 2004 Connectivity, Sessions, and Services Configuring and Monitoring Connectivity Monitoring Sessions Monitoring Services Working with ISA Server 2004 Logs and Reports Understanding ISA Server 2004 Logs Generating, Viewing, and Publishing Reports with ISA Server 2004 Using ISA Server 2004's Performance Monitor Solutions Fast Track Exploring the ISA Server 2004 Dashboard Creating and Configuring ISA Server 2004 Alerts Monitoring ISA Server 2004 Sessions and Services Working with ISA Server 2004 Logs and Reports 1Using ISA Server 2004's Performance Monitor Frequently Asked Questions Appendix: Network Security Basics Introduction Security Overview Defining Basic Security Concepts Knowledge is Power Think Like a Thief Security Terminology Addressing Security Objectives Controlling Physical Access Preventing Accidental Compromise of Data Preventing Intentional Internal Security Breaches Preventing Unauthorized External Intrusions Recognizing Network Security Threats Understanding Intruder Motivations Classifying Specific Types of Attacks Designing a Comprehensive Security Plan Evaluating Security Needs Understanding Security Ratings Legal Considerations Designating Responsibility for Network Security Designing the Corporate Security Policy Educating Network Users on Security Issues Incorporating ISA Server in your Security Plan ISA Server Intrusion Detection Implementing a System Hardening Plan with ISA Summary Index Numbers Index A Index B Index C Index D Index E Index F Index G Index H Index I Index J Index K Index L Index M Index N Index O Index P Index Q Index R Index S Index T Index U Index V Index W Index Z List of Figures List of Tables List of Sidebars

توضیحات
افزودن یادداشت جدید









Creating and Configuring ISA Server 2004 Alerts

ISA Server's alerting function means you can be notified of important ISA-related events as soon as they are detected. Rather than coming in to work to find that a hacker attempted to access or attack the system hours earlier, you can find out about it immediately. Or if one of ISA Server's services unexpectedly stops, you can be notified and take the appropriate action to minimize any loss of functionality.

Alert-triggering Events


Alerts can be configured to notify you of any of the following events (the official event name is in parentheses):



An action associated with an alert fails (alert action failure)



The cache container fails to initialize (cache container initialization error)



A cache container is recovered (cache container recovery complete)



An attempt to resize the cache file fails (cache file resize failure)



Cache fails to initialize (cache initialization failure)



Cache content is restored (cache restoration complete)



There is an error in writing cache content (cache write error)



A cached object is discarded (cached object discarded)



An extension component fails to load (component load failure)



There is an error during the reading of configuration data (configuration error)



The connection limit is exceeded by a user or IP address (connection limit exceeded)



The connection limit for a rule (the number of connections per second) is exceeded (connection limit for rule exceeded)



The DHCP anti-poisoning intrusion detection feature is disabled (DHCP anti-poisoning intrusion detection disabled)



A busy line or failure to answer causes a dial-on-demand connection to fail (dial on demand failure)



There is a DNS zone transfer attack (DNS zone transfer intrusion)



Information cannot be logged to the system event log (event log failure)



The Firewall client and the ISA Server service fail to communicate (firewall communication failure)



The FTP filter fails to parse the allowed FTP commands (FTP filter initialization warning)



An attempted intrusion/attack from an outside user is detected (intrusion detected)



A CRL is invalid, expired, or missing (invalid CRL found)



DHCP offers an invalid IP address (invalid DHCP offer)



ISA Server detects invalid dial-on-demand credentials (invalid dial-on-demand credentials)



Credentials for the ODBC database are invalid (invalid ODBC log credentials)



The source address on an IP packet is not valid (IP spoofing)



Configuration changes have been made which require the ISA Server computer to be rebooted (ISA Server computer restart is required)



A log fails (log failure)



A log reaches its storage limits (log storage limits)



The configuration of the network has been changed in a way that affects the ISA Server (network configuration changed)



There are no ports available, resulting in a failure to establish a network socket (no available ports)



The ISA Server is unable to connect to a requested server (no connectivity)



One of the operating system components (NAT, ICS or Routing and Remote Access) presents a conflict with the ISA Server (OS component conflict)



A UDP packet is greater than the maximum size specified in the registry, causing the ISA Server to drop it (oversized UDP packet)



A buffer overflow exploiting the Post Office Protocol (POP) is detected (POP intrusion)



A user is removed from the Quarantined VPN Clients network (Quarantined VPN Clients network changes)



An error occurs while the report summary was being generated (report summary generation failure)



A resource allocation failure, such as insufficient system memory, occurs (resource allocation failure)



A routing (chaining) failure occurs (routing/chaining failure)



A routing (chaining) recovery occurs (routing/chaining recovery)



The RPC filter is unable to use the defined port, which is already being used (Bind failure)



The RPC filter connectivity changes (RPC filter-connectivity changed)



A server publishing rule is not configured correctly (server publishing failure)



A server publishing rule cannot be applied (server publishing not applicable)



A service cannot start (service initialization failure)



A service stops unexpectedly (service not responding)



A service stops properly (service shutdown)



A service starts properly (service started)



The ISA Server's connection to a requested server is slow (slow connectivity)



An SMTP rule is violated (SMTP filter event)



The SOCKS configuration fails because the port is being used by another protocol (SOCKS configuration failure)



There is a SYN attack detected (SYN attack)



An unregistered event occurs (unregistered event)



Upstream chaining credentials are not correct (Upstream chaining credentials)



A VPN client attempts to make a connection and fails (VPN connection failure)



The alert service determines when an event occurs and whether an alert is configured to provide notification or perform some other action. It then initiates the specified notification or other action.

Viewing the Predefined Alerts


You can see the predefined alert definitions by clicking the Alerts tab and opening the task pane if it is not already open. Click Configure Alert Definitions under Alerts Tasks on the task pane Tasks tab. This will open the Alerts Properties dialog box, as shown in Figure 12.11.


Figure 12.11: The Alerts Properties Dialog Box

The Alerts Properties dialog box gives you a graphical representation of the severity of the alert, that is, whether it is an Error, Warning, or Information. You can modify the severity and other properties of the alert from this dialog box. You can also assign a level of severity to any new alert you create.

Creating a New Alert


To define a new alert, click the Add button. This will invoke the New Alert Configuration Wizard, as shown in Figure 12.12.


Figure 12.12: The New Alert Configuration Wizard

As you can see, you'll need to give the new alert a name. Then click Next.

On the next page of the wizard, you need to select an event and any additional conditions that will trigger the alert. The list of events from which you can select matches the list of events we described earlier in this section.

For example, as shown in Figure 12.13, you can select the Log Failure event and then select for the alert to be triggered by the log failure of any ISA Server service, the ISA Server Firewall service, or the ISA Server Web filter.


Figure 12.13: Selecting Events and Conditions to Trigger an Alert

Next, you can assign a category for the alert from the following choices:



Security



Cache



Routing



Firewall Service



Other



On the same page, as shown in Figure 12.14, you need to select a severity level (Error, Warning or Information).


Figure 12.14: Assigning a Category and Selecting a Severity Level for your New Alert

The next page allows you to define what action (if any) will be taken when the specified event and conditions occur. ISA Server can be configured to do any or all of the following when the conditions specified for an alert have been met: :



Send an e-mail notification to yourself or another administrator(s)



Run a program



Log the event to the Windows event log (this option is enabled by default)



Stop selected services on the ISA Server computer



Start selected services on the ISA Server computer



You can select multiple actions. For example, you can select to send an e-mail message and report the event to the Windows event log, as we've done in Figure 12.15.


Figure 12.15: Defining Actions to be Performed when the Alert is Triggered

If you have selected to send an e-mail message, you will be asked to provide the name of the SMTP server to be used and enter 'From' and 'To' addresses for the message. You can send the message to multiple recipients using the CC: field, as shown in Figure 12.16.


Figure 12.16: Sending E-Mail Notification Messages






Tip

You might be asked to enter the name and password of an account with permissions to access the SMTP server. In addition, you might need to create an access rule to allow the local host to access the External network using the SMTP protocol, if you configure the e-mail notification to use an external SMTP server. Furthermore, if SMTP messages to a server on the internal network fail, a possible cause is that the 'Allow SMTP from ISA to Trusted Servers system policy' rule is not enabled. (Note that the Help file suggests you must enable a system policy rule to allow the Local Network to communicate with the Internal Network via SMTP. However, by default this rule is already enabled, so you won't need to worry about this unless you have disabled it).


Similarly, if you select to run a program, you'll be asked to provide a path to the program's executable file and an account to use in running the program, as shown in Figure 12.17.


Figure 12.17: Running a Program when an Alert is Triggered






Tip

One of the more common uses of Running a Program is to invoke an executable that will send a pager message to an administrator. However, if the administrator's cell phone supports text messaging, it may be possible to use SMTP to deliver a message to the administrator's cell phone, eliminating the need to support paging mechanisms.


If you select to stop or start a service, you will be asked to choose the service(s) to stop or start, as shown in Figure 12.18.


Figure 12.18: Stopping or Starting a Service when an Alert is Triggered

When you have configured all the properties for the new alert, the last page of the wizard summarizes the information you entered, as shown in Figure 12.19. Check it over and use the Back button to make any corrections, then click Finish.


Figure 12.19: Completing the New Alert Wizard

The new alert will now show up in the Alerts Properties dialog box, in the Alerts Definitions window, as shown in Figure 12.20.


Figure 12.20: New Alerts Show Up in the Alerts Definitions Window

You can disable an alert here by unchecking its checkbox. You will notice that some alerts are predefined but disabled by default. These include:



Cached object discarded



Event log failure



Network configuration changed



Quarantined VPN Clients network changed



Server publishing is not applicable



SMTP filter event



The rest of the predefined alerts are enabled by default.

You can remove an alert completely by highlighting it and clicking the Remove button. You can refresh the view of the configured alerts after making a change by clicking the Refresh button.

You can rearrange the order of the alerts in the window by clicking the title of the column. For example, clicking the top of the Alerts column will rearrange the alerts in ascending or descending alphabetical order. Clicking the top of the Categories column will rearrange the alerts by category, in ascending or descending alphabetical order.

Modifying Alerts


You can modify the properties of your new alert, or those of any of the predefined alerts, by highlighting the alert you want to modify and clicking the Edit button. This will allow you to change the category and/or severity and disable or enable the alert from the General tab. On the Events tab, you can change the event and additional conditions.

When you modify an alert, you can specify the number of times that the event should occur before an alert is triggered, and/or you can specify the number of times per second that the event should occur before triggering the alert. You can also specify whether, when these time thresholds are met, the alert should be triggered immediately, only if the alert was manually reset, or only if a specified number of minutes have passed since the last execution of the alert. This is shown in Figure 12.21.


Figure 12.21: Modifying an Alert to Specify Time Thresholds

On the Actions tab, you can change, remove or add actions to be performed when the alert is triggered, just as you did when you originally created the alert.

Viewing Triggered Alerts


When you click the Alerts tab in the Monitoring node, the alerts that have been triggered are displayed in the middle pane, as shown in Figure 12.22.


Figure 12.22: Viewing Alerts that have been Triggered


The display shows the alert name, the date and time it occurred, the status, and the category to which the alert has been assigned. Alerts are grouped together by alert type (such as 'Service started'). Click the small square with a + sign to expand a group.

If you click on an individual alert, a detailed description will be displayed in the Alert Information window below the list of recent alerts. Again, this same information appears in the Event Viewer's application log, as shown in Figure 12.23.


Figure 12.23: Event Viewer Application Log Entry Showing Information Displayed in Alerts Windows

The alerts window is automatically refreshed by default at periodic intervals. You can set the refresh rate to one of the following:



None



Low



Medium



High



This is done in the right task pane. You can also force a manual refresh at any time by clicking the Refresh Now icon (refer back to Figure 12.23).

In addition to configuring alert definitions, you can perform the following Alerts Tasks:



Reset selected alerts: You can reset alerts to remove them from the Alerts display. In the middle pane, highlight the alert that you want to reset, and click Reset selected alerts in the right task pane. You will be asked if you're sure you want to reset the alert. Click Yes to do so. The alert will then disappear from the middle pane. You can also reset a whole group of alerts by highlighting the group heading.



Acknowledge selected alerts: You can acknowledge an alert to remove it from the Dashboard view. It will remain in the Alerts window on the Alerts tab, but its status will be shown as 'Acknowledged.' You can use this to indicate that you have seen the alert and are handling it. In the middle pane, highlight the alert(s) you want to acknowledge, and click Acknowledge selected alerts in the right task pane.






Note

When you reboot the ISA Server computer, all alerts will be reset.




/ 145