One of the biggest complaints we hear about firewall products from almost all vendors concerns the monitoring and reporting capabilities. It's not enough for a firewall to provide protection from Internet attacks and control what comes into and goes out of the local network; the name of the game in today's business world is documentation. Network administrators need to be able to track attempted intrusions and attacks from outside, as well as their own users' Internet use.
Logs and reports serve several important purposes:
Awareness of failed or successful intrusions and attacks so you can take additional preventative measures
Evidentiary documentation for forensics purposes when pursuing civil or criminal actions against intruders, attackers or insiders who misuse the network
Tracking of bandwidth usage for planning expansion of the network
Establishment of performance benchmarks for planning future capacity requirements
Justification to management for budgetary considerations
Paper trail for management and outside regulatory agencies to show compliance with policies and regulations
ISA Server 2004 includes an array of tools that can be used to monitor ISA Server activities, create and configure alerts to keep you apprised of changes, generate reports to summarize information in an easy-to-read form and provide a document trail, and monitor the ISA Server's performance. All of these tools are located in the Monitoring node, accessed via the console tree in the left pane of the ISA Server 2004 management console.
| Tip |
To access the Monitoring node in ISA Server 2004 Standard Edition, expand the ISA Server name in the left console tree and select Monitoring. In
|
In this chapter, we will examine each of these tools built into ISA Server 2004 and provide step-by-step instructions on how to use them. Specifically, we'll address the following:
How to use the ISA Server 2004 Dashboard (section by section)
How to create and configure notification alerts
How to monitor sessions and services on the ISA Server
How to configure logs and generate reports
How to use the ISA Server performance monitor (a specially-configured instance of the Windows Server System Monitor that is installed with ISA Server)