Implementing Monitoring and Reporting


Implementing Monitoring and Reporting
1
Why Should You Implement Monitoring?
• One of the biggest complaints we hear about
firewall products from almost all vendors
concerns the monitoring and reporting
capabilities
• Network administrators need to be able to
track attempted intrusions and attacks from
outside
2
Log and report
• Awareness of failed or successful intrusions and attacks so
you can take additional preventative measures
• Evidentiary documentation for forensics purposes when
pursuing civil or criminal actions against intruders, attackers
or insiders who misuse the network
• Tracking of bandwidth usage for planning expansion of the
network
• Establishment of performance benchmarks for planning
future capacity requirements
• Justification to management for budgetary considerations
• Paper trail for management and outside regulatory agencies
to show compliance with policies and regulations
3
Planning a Monitoring and Reporting
• Monitoring traffic flow between networks
• Troubleshooting network connectivity
• Investigating attacks
• Planning
4
Monitoring in ISA 2006
• How to use the ISA 2006 Dashboard (section by section)
• How to create and configure notification alerts
• How to monitor sessions and services on the ISA Firewall
• How to configure logs and generate reports
• How to use the ISA Firewall performance monitor (a specially-configured instance of the Windows Server System Monitor that is installed with ISA Firewall)
• How to preserve log information prior to an ISA 2004 upgrade
5
Exploring the ISA 2006 Dashboard
6
Dashboard Sections
• Connectivity
• Services
• Reports
• Alerts
• Sessions
• System Performance
7
Dashboard Connectivity Section
Monitor connections between the ISA
Firewall machine and other computers
8
Dashboard Services Section
Quickly check the status of the services
9
Dashboard Reports Section
Determine whether scheduled or manually generated
reports have finished generating
10
Dashboard Alerts Section
Quickly determine the events that have
been logged on the ISA Firewall computer
11
Dashboard Sessions Section
Makes it easy to see, at a glance, the session types
and the number of sessions that are currently active through ISA 2006
12
Dashboard System Performance Section
View of the two most important performance measures:
• Allowed packets per second (times 10)
• Dropped packets per second
13
Creating and Configuring ISA 2006 Alerts
• The ISA Firewall's alerting function means that you can
be notified of important ISA-related events as
soon as they are detected
• Viewing the Predefined Alerts
14
Creating a New Alert
Selecting Events and
Conditions to Trigger an Alert
15
Creating a New Alert
Assigning a Category and
Selecting a Severity Level for
your New Alert
16
Creating a New Alert
Defining Actions to be
Performed when the Alert
is Triggered
17
Creating a New Alert
Sending E-Mail Notification
Messages
Running a Program when an
Alert is Triggered
18
Viewing Alerts that have been
Triggered
19
Monitoring ISA 2006 Connectivity,
Sessions, and Services
Configuring and Monitoring Connectivity
• Ping
• TCP Connect
• HTTP Request
20
Monitoring ISA 2006 Connectivity,
Sessions, and Services
• Creating Connectivity Verifiers
21
Monitoring Sessions
Information about each session:
• Date and time the session was activated
• Session type (Firewall, Web Proxy, SecureNAT
client, VPN client, or Remote VPN site)
• Client IP address
• Source network
• Client user name (if authentication is required)
• Client host name (for Firewall Client sessions)
• Application name (for Firewall Client sessions)
• Server name (name of the ISA Firewall)
22
Monitoring Sessions
23
Working with ISA Firewall Logs
and Reports
• ISA Firewall 2006 logs all components by default.
These logs include Web Proxy and Firewall
Service
• Log Types:
• Logging to an MSDE Database: display
information saved in an MSDE database
• Logging to a SQL Server: allows you to use
standard SQL tools to query the database
• Logging to a File: display information about the
version, log date, and logged fields of files
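
An added example (not part of the original slides, and not ISA Firewall code): a text log that begins with version, date and field-list header lines, as the file logging bullet describes, can be parsed to count denied connections per source address. The `#Version`/`#Date`/`#Fields` directives follow the W3C extended log file format; the tab delimiter, the field names and the sample rows are constructed assumptions.

```python
from collections import Counter

# Constructed sample: a W3C-extended-style text log. Field names and rows are
# illustrative assumptions, not an export from a real ISA Firewall.
SAMPLE_LOG = "\n".join([
    "#Software: Example Firewall (constructed)",
    "#Version: 2.0",
    "#Date: 2006-11-02 08:15:00",
    "#Fields: date\ttime\tsource\tdestination\taction\trule",
    "2006-11-02\t08:15:01\t203.0.113.7\t192.0.2.10:3389\tDenied\tDefault rule",
    "2006-11-02\t08:15:02\t203.0.113.7\t192.0.2.10:445\tDenied\tDefault rule",
    "2006-11-02\t08:15:04\t198.51.100.23\t192.0.2.10:80\tAllowed\tWeb publishing",
    "2006-11-02\t08:15:05\t203.0.113.7\t192.0.2.10:23\tDenied\tDefault rule",
    "2006-11-02\t08:15:07\t198.51.100.99\t192.0.2.10:25\tDenied\tDefault rule",
    "2006-11-02\t08:15:09\t203.0.113.7",  # truncated row, e.g. a partial write
])

def parse_log(text):
    """Return (header, records): header holds the # directives, records are dicts."""
    header, fields, records = {}, [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            name, _, value = line[1:].partition(":")
            name, value = name.strip(), value.strip()
            header[name] = value
            if name == "Fields":
                # A new #Fields directive redefines the columns for later rows.
                fields = value.split("\t")
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # skip malformed rows rather than misalign columns
        records.append(dict(zip(fields, values)))
    return header, records

def denied_by_source(records, threshold=2):
    """Map each source address with at least `threshold` denied rows to its count."""
    counts = Counter(r["source"] for r in records if r["action"] == "Denied")
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    header, records = parse_log(SAMPLE_LOG)
    print(header["Version"], header["Date"], header["Fields"].split("\t"))
    print(denied_by_source(records))
```
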
24
How to Configure Logging
25
How to Configure Logging
Configuring Log Storage Format
Configuring MSDE Database
Logging
26
How to Use the Log Viewer
The Log Viewer with Default
Filter
27
Generating, Viewing, and Publishing
Reports with ISA 2006
28