Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

ISA Server 2004 has excellent reporting capabilities that take advantage of the logging mechanisms in place. By default, a number of useful reports are included in ISA Server as follows:

  • Web Usage Report A Web Usage Report illustrates which users and client systems are the top web users, which sites are accessed most often, what types of browsers and operating systems are used, and what types of objects are being accessed.

  • Application Usage Report The Application Usage Report gives information on which protocols are used most often, what destinations are being used, and what types of client applications and operating systems are used.

  • Traffic and Utilization Report This report details network traffic by protocol and also indicates how effective the content caching is.

  • Security Report The Security Report lists users who most often have authorization failures and dropped packets. This can help to triangulate the source of attacks.

  • Summary Report The Summary Report lists the top information from each type of report and summarizes it into a single report.

The reports are generated in HTML and can be saved to other network locations on a scheduled basis. They can be a very effective tool in discovering useful information about a network.

Customizing Reports

Each one of the default report types can be customized directly from the Tasks tab of the Reports area. Clicking on the Customize links makes available settings such as the ones shown in Figure 19.15. For example, the top users could be modified to display only the top 10, or expanded to include the top 20.

Figure 19.15. Customizing report content.

Generating Reports

Generating a report in ISA Server is another straightforward task, which can be kicked off via a wizard process. For example, to create a one-time summary report, do the following:

1.

In the ISA Console, select the Monitoring node, then select the Reports tab from the Details pane.

2.

From the Tasks tab of the Tasks pane, click the link for Generate a New Report.

3.

Enter a descriptive name, such as ISA Summary Report, and click Next.

4.

Under the type of content to include, check only Summary, as shown in Figure 19.16, and click Next to continue.

Figure 19.16. Creating a Summary Report.

5.

Enter the Start and End Date from which the report will pull data. Note that reports can pull data out of only dates in the past, and not the current date.

6.

Under Reports Publishing, check the box to Publish Reports to a Directory and enter a UNC path to which the report is to be saved, entering credentials as necessary to write the file. Click Next to continue.

7.

The Send E-mail Notification dialog box enables emails to be sent when the report is generated. This is optional, and is skipped in this example. Click Next to continue.

8.

Click Finish.

After creating the report, wait for the report's status to change from Generating to Completed (press F5 to refresh the screen if necessary). To view the report, as shown in Figure 19.17, double-click on the report name in the Details pane.

Figure 19.17. Viewing a Summary Report.

Scheduling Report Generation

Another great advantage to ISA reports is that they can be scheduled to run daily, weekly, or monthly on a scheduled basis. By automating this type of information, administrators and management can get consistent, updated, useful information on the traffic that ISA is processing.

1.

From the Tasks tab of the Tasks pane, click the link for Create and Configure Report Jobs.

2.

Click Add.

3.

Enter a descriptive Report Job name, such as Weekly ISA Full Report, and click Next.

4.

Select which reports are to be included by checking them (all are chosen by default) and click Next.

5.

Under Run This Report Job, select Weekly, and choose Sunday as the day, as shown in Figure 19.18.

Figure 19.18. Scheduling a Report.

6.

Under Publish Reports to a Directory, check the box and enter a UNC path of a server to which the HTML file should be saved. If credentials are needed, enter them by checking the box to Publish Using This Account. Click Next to continue.

7.

Enter email notification information if desired and click Next to continue.

8.

Click Finish, OK, Apply, and OK.

    Категории