Log storage format

Microsoft Internet Security and Acceleration (ISA) Server 2004 log information can be viewed in a Log Viewer, directly from ISA Server Management. In addition, the log information can be stored in one of the following formats:

  • File
  • MSDE database
  • SQL database

MSDE database

When you save log information in MSDE format, it can be viewed in the Log viewer. This enables you easy access to on-line information about network activity. Because you can export the data displayed in the log viewer, you also actually can save, in a text file, the data displayed in MSDE format. For instructions, see Configure logging to an MSDE database.

MSDE logs are limited to two gigabytes. When a log exceeds this limit, ISA Server automatically creates a new database. Similarly, a new log is created at the beginning of every day. The Log Viewer, however, displays all the data as if it were in a single database.

SQL database

You can save log information to a SQL Server database. This is useful for remote logging. See Best practices: Monitoring for security considerations when logging to a SQL database.

For instructions, see Configure logging to a SQL database.

The system policy rule named Allow remote Logging using NetBios transport to trusted servers must be enabled in order to log to a SQL database.

Saving to a file

You can save ISA Server logs to a file, in one of the following formats:

  • World Wide Web Consortium (W3C) format
  • ISA Server format

The SMTP Message screener log information is saved by default in file format. It cannot be saved to a database.

For instructions, see Configure logging to a file.

Log files are limited to two gigabytes. When a file exceeds this limit, ISA Server automatically creates a new file. Similarly, a new log file is created at the beginning of every day.

W3C logs contain both data and directives, describing the version, date, and logged fields. Because the fields are described in the file, unselected fields are not logged. The tab character is used as a delimiter. Date and time are in Coordinated Universal Time (Greenwich Mean Time).

ISA Server format contains only data with no directives. All fields are always logged. Unselected fields are logged with a dash, to indicate they are empty. The comma character is used as a delimiter. The date and time fields are in local time.

Options

By default, the log information for MSDE logs and log files is stored in the ISALogs folder, under the ISA Server installation folder. You can chnage the location.

If you specify a relative directory, the log is saved in the ISALogs folder, under the ISA Server installation folder. If you specify an absolute path, the actual log folder may be different on every server.

Important

  • We recommend to log to NTFS volumes.

You can compress log files, to reduce the disk space required. Files are compressed only if stored on NTFS partitions. You may notice a decrease in performance when working with NTFS-compressed files. When you read from (access) a compressed file, Windows automatically decompresses it for you, and when you write to the file, Windows compresses it. This process may decrease your computer’s performance.

Log Maintenance

ISA Server features a log maintenance feature, which you can configure so that log files do not exceed specific space requirements. When you log to an MSDE database or to a file, you can configure how long log information should be stored on the local disk—and how much disk space should be allocated for logging. For instructions, see Configure log storage limits and Configure logging to an MSDE database.

ISA Server checks that logs do not exceed the specified limits every ten minutes. This means that for up to a period of ten minutes, logs might exceed the limits.

Additional Links

Search

Support

Documentation

Authorization

 
Forgot your password?
Register

Subscribe

Subscribe to company news