Module 10: Monitoring ISA Server 2004
Overview
Monitoring Overview
Configuring Alerts
Configuring Session Monitoring
Configuring Logging
Configuring Reports
Monitoring Connectivity
Monitoring Services and Performance
Lesson: Monitoring Overview
Why Implement Monitoring?
ISA Server Monitoring Components
Designing a Monitoring and Reporting Strategy
Using the ISA Server Dashboard for Monitoring
Why Implement Monitoring?
Use monitoring to:
Monitor traffic between networks to ensure that only legitimate traffic passes between networks
Troubleshoot network connectivity between ISA Server clients, servers, and networks
Collect information about attacks and detect attacks as they occur
Plan future modifications to the ISA Server or Internet access infrastructure
ISA Server Monitoring Components
Component: Explanation:
Alerts: Monitors ISA Server for configured events and then performs actions when the specified events occur
Sessions: Provides information on the current client sessions
Logging: Provides detailed archived information about the Web Proxy, Microsoft Firewall service, or SMTP Message Screener
Reports: Summarizes information about the usage patterns on ISA Server
Connectivity: Monitors connections from ISA Server to any other computer or URL on any network
Performance: Monitors server performance in real time, creates a log file of server performance, or configures performance alerts
Designing a Monitoring and Reporting Strategy
When monitoring real-time information, determine:
Which events should trigger an alert
The event threshold before the alert is triggered
The information that you need to monitor server performance
When collecting long-term information, determine:
The information you need to monitor server performance over time
The information you need to monitor server usage
The information you need to monitor security events
When developing a response strategy, determine:
How to respond to the critical events that occur on the ISA Server
Using the ISA Server Dashboard for Monitoring
Monitor connections
Monitor alerts
Monitor sessions
Monitor traffic
Lesson: Configuring Alerts
What Is an Alert?
How to Configure Alert Definitions
How to Configure Alert Events and Conditions
How to Configure Alert Actions
Alert Management Tasks
What Is an Alert?
An alert is:
A notification of an event or action that has occurred on ISA Server
Triggered according to the conditions and trigger thresholds specified for the event associated with the alert
When a server event takes place and records an alert:
The ISA Server Management console displays the alert in the Alerts view
An entry appears in the alerts view that lists column headings such as type of alert, the date and time, status, and category
How to Configure Alert Definitions
How to Configure Alert Events and Conditions
Define the trigger thresholds
Define subsequent alerts
Define the event that will trigger the alert
Define specific conditions for the event
How to Configure Alert Actions
Configure e-mail action
Define a program to run
Define other alert actions
Alert Management Tasks
Alerts are managed by performing the following tasks:
Reset registered alerts
Acknowledge registered alerts
When you configure an alert to stop the ISA Server Firewall Service, ISA Server goes into a lockdown mode. While in lockdown mode, ISA Server blocks most network traffic
Practice: Configuring and Managing Alerts
Creating a New Alert Definition
Modifying an Existing Alert Definition
Diagram labels: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01
Lesson: Configuring Session Monitoring
What Is Session Monitoring?
About Managing Sessions
How to Configure Session Filtering
What Is Session Monitoring?
Session monitoring:
Provides real-time information about client sessions hosted through ISA Server
Includes information on:
When the session was established
The session type
The source network
The client user name and computer name
Provides the ability to immediately stop any unwanted sessions
About Managing Sessions
Use these options to manage sessions
Right-click session to disconnect
How to Configure Session Filtering
Add multiple filters
Configure filters to view specific sessions
Practice: Configuring Session Monitoring
Monitoring Sessions
Applying a Session Filter
Diagram labels: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01
Lesson: Configuring Logging
What Is Logging?
Log Storage Options
How to Configure Logging
How to View ISA Server Logs
How to Configure Log Filter Definitions
What Is Logging?
The logging feature:
Provides extended log storage to generate reports, analyze trends, or investigate security issues
Can be configured to provide Firewall logging, Web proxy logging, and SMTP message screener logging
Provides a log viewer to assist in monitoring and analyzing server activity for MSDE-based logs
Log Storage Options
Log storage option: Explanation:
MSDE: Logs can be viewed in the log viewer. Default format for Web proxy and Firewall Service logs
SQL database: Logs can be stored on a separate server. Logs can be analyzed by using database tools
File: Logs can be stored in W3C or ISA Server format. Only available format for SMTP message screener logs
The MSDE and log files are stored by default in the ISALogs folder, which is located in the ISA Server installation folder
How to Configure Logging
Configure log storage format
Configure the information captured in the logs
How to View ISA Server Logs
How to Configure Log Filter Definitions
Configure filters to view specific log entries
Add multiple filters
Lesson: Configuring Reports
What Are Reports?
How to Configure the Report Summary Database
How to Generate a Report
How to Create a Recurring Report Job
How to View Reports
How to Publish Reports
What Are Reports?
Use reporting to summarize and analyze:
Who is accessing the Internet, as well as which web sites are being accessed
Which protocols and applications are being used most often
General traffic patterns
The cache hit ratio
Reports can be generated immediately
Reports need to be scheduled to generate on a recurring basis
How to Configure the Report Summary Database
Select to enable log summaries
Configure number of saved summaries
Configure summary files location
How to Generate a Report
Configure the content to include in the report
Configure the time period included in the report
Configure where the report will be stored
How to Create a Recurring Report Job
Configure the content to include in the recurring report
Configure when the recurring report will run
How to View Reports
Reports can be viewed:
Only on the computer running ISA Server Management
By double-clicking the report name in the Report view of ISA Server Management
How to Publish Reports
You can publish reports to a shared folder where users without ISA Server Management installed can view the reports
Practice: Configuring Reports
Generating a Report
Creating a Recurring Report Job
Diagram labels: Den-Msg-01, Internet, Den-ISA-01, Den-DC-01, Gen-Web-01
Lesson: Monitoring Connectivity
How Does Connectivity Monitoring Work?
Configuring Connectivity Monitoring
How Does Connectivity Monitoring Work?
Connectivity monitoring:
Uses connectivity verifiers to monitor connections from ISA Server to other servers or URLs
Can be configured to use any of the following connection methods:
Ping to check for simple network connectivity
TCP connection to verify that a service is running on the destination server
HTTP GET request to verify that a Web server is running on the destination server
Configuring Connectivity Monitoring
Configure the timeout for the connection attempt
Configure the URL or server to connect to
Configure the method used to test connectivity
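The TCP connection and HTTP GET verifier methods described above, each with a configurable timeout, as an added Python example (not part of the original module and not ISA Server code). The function names and result fields are hypothetical; the Ping method is left out because ICMP needs raw-socket privileges, and counting an HTTP 4xx/5xx answer as a failure is an assumption.

```python
import socket
import time
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Connect directly, ignoring proxy environment variables, so the check
# exercises the target itself rather than an intermediate proxy.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def _result(method, target, ok, started, detail):
    """Build one verifier result (field names are hypothetical)."""
    elapsed_ms = round((time.monotonic() - started) * 1000, 1)
    return {"method": method, "target": target, "ok": ok,
            "elapsed_ms": elapsed_ms, "detail": detail}


def tcp_verifier(host, port, timeout=5.0):
    """TCP connection method: is a service accepting connections?"""
    started = time.monotonic()
    target = f"{host}:{port}"
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return _result("tcp", target, True, started, "connected")
    except socket.timeout:
        return _result("tcp", target, False, started, "timed out")
    except OSError as exc:
        return _result("tcp", target, False, started, f"failed: {exc}")


def http_verifier(url, timeout=5.0):
    """HTTP GET method: does a Web server answer at this URL?"""
    started = time.monotonic()
    if urlsplit(url).scheme not in ("http", "https"):
        return _result("http-get", url, False, started, "unsupported scheme")
    try:
        with _DIRECT.open(url, timeout=timeout) as resp:
            return _result("http-get", url, True, started, f"HTTP {resp.status}")
    except urllib.error.HTTPError as exc:
        # The server answered with 4xx/5xx; counted as a failure (assumption).
        return _result("http-get", url, False, started, f"HTTP {exc.code}")
    except (urllib.error.URLError, OSError) as exc:
        return _result("http-get", url, False, started, f"failed: {exc}")
```

Recording the elapsed time alongside the pass/fail result lets a slow but reachable server be told apart from one that is down.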
Practice: Configuring Connectivity Monitoring
Configuring Connectivity Monitoring
Diagram labels: Den-ISA-01, Den-DC-01, Internet, Gen-Web-01
Lesson: Monitoring Services and Performance
Monitoring ISA Server Services
Performance Monitoring with ISA Server
Monitoring ISA Server Services
Performance Monitoring with ISA Server
Performance object: Explanation:
ISA Server Firewall Engine: Includes performance counters to monitor connections and throughput for the firewall engine
ISA Server Cache: Includes performance counters to monitor the memory, disk, and URL activity associated with the cache as well as cache performance
ISA Server Firewall Service: Includes counters to monitor Firewall service connections and associated services such as DNS. This object monitors only Firewall client connections
ISA Server Web Proxy Service: Includes counters to monitor the number of users and the rate at which ISA Server transfers data for Web Proxy clients to remote and upstream servers
Monitor the ISA Server counters as well as other performance counters to determine server performance and bottlenecks
Lab: Monitoring ISA Server 2004
Exercise 1: Testing the Alerts Feature
Exercise 2: Testing the Reporting Feature
Exercise 3: Testing the Connectivity Monitoring Feature
Diagram labels: Internet, Den-ISA-01, Den-DC-01, Den-Msg-01, Gen-Web-01