ProxyInspector for ISA Server Enterprise edition: Initial Configuration

To display the configuration dialog box, choose Database > Program settings. There you can enter the number of servers you need, name them, and personalize all the settings. The path to log files may be either in local format (c:\pi\logs) or UNC format (\\officeserver\pi_logs).

ISA Server settings

Other options:

Process Web-proxy logs – enables/disables processing log files of either the web proxy service (for ISA 2000) or the web proxy application filter (for ISA 2004). These log files have names of the following types:


WEBEXT?????????.log ISA 2000, the W3C format
WEB?????????.log ISA 2000, the IIS format
ISALOG_????????_WEB_???.w3c ISA 2004, the W3C format
ISALOG_????????_WEB_???.iis ISA 2004, the IIS format

It is recommended to leave the option enabled.

Process FireWall logs – enables/disables processing log files of the firewall service. These log files have names of the following types:

FWSEXT?????????.log ISA 2000, the W3C format
FWS?????????.log ISA 2000, the IIS format
ISALOG_????????_FWS_???.w3c ISA 2004, the W3C format
ISALOG_????????_FWS_???.iis ISA 2004, the IIS format

It is recommended to leave the option enabled.

Exclude HTTP traffic (only for ISA 2004) – allows you to avoid duplicating web traffic in reports. Due to some peculiarities of the ISA 2004 architecture, web traffic is recorded twice in its log files: once in the firewall log and once in the web proxy log. It is recommended to leave the option enabled.

Process packet filter logs (only for ISA 2000) – enables/disables processing the logs of the packet filter. It is recommended to enable the option.

Packet filter: import only "BLOCKED" records – enabling this option considerably speeds up the processing of packet filter logs and reduces the size of the DB. As a rule, the number of records with the BLOCKED status is a few dozen times smaller than the number with the ALLOWED status.

Use IP instead of 'anonymous' username – if this option is enabled, the username anonymous will be replaced with the IP address from which the request was sent. Enabling this option is reasonable only when IP addresses are distributed statically (without using DHCP) and username substitution is used. The option works for all types of log files except for the packet filter.

Strip anything before '/' '\' from username – allows you to change the type of usernames from Domain\User to User during the import process. It is recommended to leave this option enabled for networks with one NT domain. The option works for all types of log files except the packet filter.

Do not process lines with 401/407 codes in sc-status field – allows you to skip authorization requests/denials. Although these requests are internal, they are still written into the log file with codes 401/407. The option works only for web proxy logs that have the sc-status field. It is recommended to leave the option enabled.

Do not process UDP Bind – allows you to skip UDP sessions with the Bind status, because these records are duplicates in the log files. The option works only for firewall logs. It is recommended to leave the option enabled.

Web-proxy filtration

Controls how traffic from the web proxy cache is counted. To count only external traffic, it is recommended to leave the values 0, Inet, VFInet enabled.

Local addresses

Allows you to keep internal traffic out of reports even if it is recorded in firewall log files (this may occur in ISA 2004 because writing to log files can be controlled for each rule). Traffic is considered to be internal (local) if both the client IP address and the server IP address are found in the table with local addresses.

Attention!
All the above options work only during the process of importing into the database. The information in the DB is not affected. If you want to apply new settings to all data, you should clear the entire DB (Database | Clear database) and import log files again.
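
The import-time filters described above (anonymous-to-IP substitution, domain stripping, skipping 401/407 lines and excluding local traffic), shown in Python as an added example; this is not ProxyInspector's code. The sample log, its field subset and the LOCAL_NETS table are constructed, and keeping the text after the last separator is an assumption.

```python
import ipaddress

# Constructed sample in a tab-delimited W3C layout (a "#Fields:" header line
# followed by records); the field subset and all values are made up.
SAMPLE_LOG = "\n".join([
    "#Fields: c-ip\tcs-username\tr-ip\tsc-status\tsc-bytes",
    "192.168.1.10\tOFFICE\\alice\t203.0.113.5\t200\t5120",
    "192.168.1.11\tanonymous\t203.0.113.5\t407\t310",
    "192.168.1.11\tanonymous\t203.0.113.9\t200\t2048",
    "192.168.1.12\tOFFICE\\bob\t192.168.1.200\t200\t900",
    "192.168.1.13\t-\t203.0.113.9\t401\t120",
])

# Hypothetical stand-in for the "Local addresses" table.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]


def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def normalize_user(username, client_ip, ip_for_anonymous=True, strip_domain=True):
    if ip_for_anonymous and username.lower() == "anonymous":
        return client_ip  # attribution is only stable with static addressing
    if strip_domain:
        # Assumption: keep what follows the last '/' or '\' (Domain\User -> User).
        username = username.replace("/", "\\").rsplit("\\", 1)[-1]
    return username


def import_records(text, skip_auth=True, exclude_local=True):
    fields, kept = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split("\t")))
        if skip_auth and rec.get("sc-status") in ("401", "407"):
            continue  # authorization request/denial, not user traffic
        if exclude_local and is_local(rec["c-ip"]) and is_local(rec["r-ip"]):
            continue  # both ends are in the local table: internal traffic
        rec["cs-username"] = normalize_user(rec["cs-username"], rec["c-ip"])
        kept.append(rec)
    return kept
```

Because the filters run during import, records they drop never reach the database, which is why changed settings take effect on old data only after clearing the DB and importing again.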