• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 646
  • Last Modified:

ISA 2006 - Reports are not clear

I have ISA 2006 Proxy and running for years. The reports are not clear means, it is coming as IP Address & domain ID...
What should i do to get domain name for all the IP address??

The default reporting may not be as expected. I am expecting the report for user wise URL History, Protocol / port used, bandwidth usage & Scheduling of reports by email...

Let me know recommendations of the software's? licensed or freeware - anything is okey.
0
Sriram_pp
Asked:
Sriram_pp
  • 2
1 Solution
 
Raj-GTSystems EngineerCommented:
LogHostName from Collective Software can log the hostname in proxy logs http://www.collectivesoftware.com/Products/LogHostname

For detailed reporting I would recommend http://www.redline-software.com/eng/products/iam/

Thanks,
Raj
0
 
Keith AlabasterCommented:
A couple of things. ISA does not report on bandwidth usage - that was a feature of ISA2000 and dropped for ISA2004 and ISA2006.

If you have used the All Users authentication then you are telling ISA that you do not care who users the rules. ISA sees this as 'if you do not care, then ISA does not care either' and just logs the ip address. if you want to log the username etc then you have to use an authenticator such as ldap, active directory or something to pass the user credentials to ISA server rather than using the All Users option.

0
 
Sriram_ppAuthor Commented:
keith_alabaster:  It is already integrated with domain controller ..  20% of the reports are coming with domain username and 80% on IP Address.. It is very difficult to map IP Address vs username on daily basis.
0
 
Keith AlabasterCommented:
That is by design.

Practically all traffic requests will have anonymous entries. Think about what is happemning on the box you have not stated but i will assume you have ISA configured as a proxy & firewall.

Client PC tries to connect to a resource out on the internet through ISA
ISA sees the traffic headers and checks its rules from top to see if it has a matching rule
If matching rule is found, ISA then checks the authentication setting for the rule
If authentication is all users, traffic is allowed to pass, a session set up and just the ip is logged
If Ad group then ISA will deny the traffic request, log it as anonymous, and return a request to the client machine asking for the credentials of the user to check against AD.
Client responds with user credentials (if it can)
ISA now checks credentials against AD and if OK allows traffic to pass and now logs with domain\username

You also need to bear in mind that many client applications, such as FTP etc, do not have the capability to carry the user credentials - they simply are built to do it. Therefore you will always have an issue logging usernames against such traffic. This is what the ISA firewall client is for. The ISA firewall client sits and listens for credential requests (amongst other things) from ISA server. When ISA returns a credentials request to a client, the FWC intercepts the request and responds back to ISA with the user credentials on the client applications behalf.

Bottom line, you are not going to totally eradicate the anonymous / IP address only position completely.

Keith
ISA MVP



0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now