• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 650
  • Last Modified:

ISA 2006 - Reports are not clear

I have ISA 2006 Proxy and running for years. The reports are not clear means, it is coming as IP Address & domain ID...
What should i do to get domain name for all the IP address??

The default reporting may not be as expected. I am expecting the report for user wise URL History, Protocol / port used, bandwidth usage & Scheduling of reports by email...

Let me know recommendations of the software's? licensed or freeware - anything is okey.
  • 2
1 Solution
Raj-GTSystems EngineerCommented:
LogHostName from Collective Software can log the hostname in proxy logs http://www.collectivesoftware.com/Products/LogHostname

For detailed reporting I would recommend http://www.redline-software.com/eng/products/iam/

Keith AlabasterEnterprise ArchitectCommented:
A couple of things. ISA does not report on bandwidth usage - that was a feature of ISA2000 and dropped for ISA2004 and ISA2006.

If you have used the All Users authentication then you are telling ISA that you do not care who users the rules. ISA sees this as 'if you do not care, then ISA does not care either' and just logs the ip address. if you want to log the username etc then you have to use an authenticator such as ldap, active directory or something to pass the user credentials to ISA server rather than using the All Users option.

Sriram_ppAuthor Commented:
keith_alabaster:  It is already integrated with domain controller ..  20% of the reports are coming with domain username and 80% on IP Address.. It is very difficult to map IP Address vs username on daily basis.
Keith AlabasterEnterprise ArchitectCommented:
That is by design.

Practically all traffic requests will have anonymous entries. Think about what is happemning on the box you have not stated but i will assume you have ISA configured as a proxy & firewall.

Client PC tries to connect to a resource out on the internet through ISA
ISA sees the traffic headers and checks its rules from top to see if it has a matching rule
If matching rule is found, ISA then checks the authentication setting for the rule
If authentication is all users, traffic is allowed to pass, a session set up and just the ip is logged
If Ad group then ISA will deny the traffic request, log it as anonymous, and return a request to the client machine asking for the credentials of the user to check against AD.
Client responds with user credentials (if it can)
ISA now checks credentials against AD and if OK allows traffic to pass and now logs with domain\username

You also need to bear in mind that many client applications, such as FTP etc, do not have the capability to carry the user credentials - they simply are built to do it. Therefore you will always have an issue logging usernames against such traffic. This is what the ISA firewall client is for. The ISA firewall client sits and listens for credential requests (amongst other things) from ISA server. When ISA returns a credentials request to a client, the FWC intercepts the request and responds back to ISA with the user credentials on the client applications behalf.

Bottom line, you are not going to totally eradicate the anonymous / IP address only position completely.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now