ISA 2006 - Reports are not clear

Posted on 2009-04-16
Last Modified: 2012-05-06
I have had an ISA 2006 proxy running for years. The reports are not clear, meaning they come out with IP address & domain ID...
What should I do to get the domain name for all the IP addresses?

The default reporting may not be as expected. I am expecting a report with user-wise URL history, protocol / port used, bandwidth usage & scheduling of reports by email...

Let me know your software recommendations. Licensed or freeware, anything is okay.
Question by:Sriram_pp
    LVL 14

    Expert Comment

    LogHostName from Collective Software can log the hostname in proxy logs

    For detailed reporting I would recommend

    LVL 51

    Expert Comment

    by:Keith Alabaster
    A couple of things. ISA does not report on bandwidth usage - that was a feature of ISA2000 and dropped for ISA2004 and ISA2006.

    If you have used the All Users authentication then you are telling ISA that you do not care who uses the rules. ISA sees this as 'if you do not care, then ISA does not care either' and just logs the IP address. If you want to log the username etc. then you have to use an authenticator such as LDAP, Active Directory or something to pass the user credentials to ISA Server rather than using the All Users option.


    Author Comment

    keith_alabaster: It is already integrated with the domain controller. 20% of the reports are coming with domain username and 80% with IP address. It is very difficult to map IP address vs. username on a daily basis.
    LVL 51

    Accepted Solution

    That is by design.

    Practically all traffic requests will have anonymous entries. Think about what is happening on the box. You have not stated, but I will assume you have ISA configured as a proxy & firewall.

    Client PC tries to connect to a resource out on the internet through ISA
    ISA sees the traffic headers and checks its rules from top to see if it has a matching rule
    If matching rule is found, ISA then checks the authentication setting for the rule
    If authentication is all users, traffic is allowed to pass, a session set up and just the ip is logged
    If AD group, then ISA will deny the traffic request, log it as anonymous, and return a request to the client machine asking for the credentials of the user to check against AD.
    Client responds with user credentials (if it can)
    ISA now checks credentials against AD and if OK allows traffic to pass and now logs with domain\username

    You also need to bear in mind that many client applications, such as FTP etc., do not have the capability to carry the user credentials - they simply are built to do it. Therefore you will always have an issue logging usernames against such traffic. This is what the ISA firewall client is for. The ISA firewall client sits and listens for credential requests (amongst other things) from ISA server. When ISA returns a credentials request to a client, the FWC intercepts the request and responds back to ISA with the user credentials on the client application's behalf.

    Bottom line, you are not going to totally eradicate the anonymous / IP address only position completely.
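
The flow in the accepted answer means an anonymous row and an authenticated row from the same client usually sit close together in the log, so the anonymous rows can be attributed by correlating on client IP. The sketch below is an added example, not part of the original thread and not ISA's own tooling. It assumes a tab-separated W3C extended log whose `#Fields` header uses the names `c-ip`, `cs-username`, `date`, `time` and `cs-uri`, that unauthenticated rows carry `anonymous`, and a 15-minute window; the function names and the sample log are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample log. Field names are an assumption: compare them with
# the #Fields line of your own proxy log before relying on this.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: c-ip\tcs-username\tdate\ttime\tcs-uri\tsc-status",
    "10.0.0.5\tanonymous\t2009-04-16\t09:00:01\thttp://example.com/\t407",
    "10.0.0.5\tCORP\\alice\t2009-04-16\t09:00:02\thttp://example.com/\t200",
    "10.0.0.5\tanonymous\t2009-04-16\t09:05:00\tftp://files.example.com/\t200",
    "10.0.0.9\tanonymous\t2009-04-16\t09:06:00\thttp://example.org/\t200",
    "10.0.0.7\tCORP\\bob\t2009-04-16\t09:10:00\thttp://example.net/\t200",
    "10.0.0.7\tCORP\\carol\t2009-04-16\t09:12:00\thttp://example.net/\t200",
    "10.0.0.7\tanonymous\t2009-04-16\t09:13:00\thttp://example.net/x\t200",
])
ANON = ("anonymous", "-", "")  # values treated as "no user logged"

def parse(text):
    """Yield one dict per data row, named by the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split("\t")))
            row["ts"] = datetime.strptime(
                row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def attribute(text, window=timedelta(minutes=15)):
    """Return (c-ip, cs-uri, user) rows with anonymous entries attributed."""
    rows = list(parse(text))
    seen = {}  # c-ip -> [(timestamp, username)] from authenticated rows
    for r in rows:
        if r["cs-username"].lower() not in ANON:
            seen.setdefault(r["c-ip"], []).append((r["ts"], r["cs-username"]))
    out = []
    for r in rows:
        user = r["cs-username"]
        if user.lower() in ANON:
            # Users seen from this IP shortly before or after this row.
            near = {u for t, u in seen.get(r["c-ip"], [])
                    if abs(t - r["ts"]) <= window}
            # Exactly one candidate is an inference; several users on one
            # IP (terminal server, DHCP churn) are reported, not guessed.
            user = (near.pop() + " (inferred)" if len(near) == 1
                    else "ambiguous" if near else "unknown")
        out.append((r["c-ip"], r["cs-uri"], user))
    return out
```

Rows that come back as `unknown` are the residue the answer describes: clients that never presented credentials at all.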


