MonitorWare Knowledge Base

by **syslogfan2007** on Fri Mar 30, 2007 8:30 pm

I have been unsuccessful in trying to figure out an easy way to accomplish the following:

I have an MS ISA FW / Proxy server and I want to be able to get the event logs and the firewall logs sent to a Unix syslog server.

Snare ISA can accomplish this really easily, but it causes an insane CPU load on the firewall that is not tolerable.

What are the steps involved to get this to work with your products?

Thanks!!!!!!!

by **friedl** on Mon Apr 02, 2007 3:58 pm

Hello.

For your MS ISA FW Logs, it would be best to configure it to store them in textfile logs. You can monitor them with the FileMonitor of MonitorWare Agent. At the same time you can monitor the regular EventLog Data, too. You can then forward all this data to a syslog server.

I have just made a brief guide to your problem. Please try it. This should cover everything you want. If anything is missing, please tell us.

The guide can be found here:
http://www.adiscon.com/common/en/stepby ... gfiles.php

Best regards,

Florian Riedl
Adiscon

by **syslogfan2007** on Tue Apr 03, 2007 1:19 pm

Wow. I am impressed.

a) quick turnaround
b) a custom-written guide.

Great work guys. I will try this out and let you know if I have any more issues. Either way, I definitely appreciate the help!

MonitorWare Knowledge Base

MS ISA Proxy FW + EventLogs via Monitorware ->syslog serv

MS ISA Proxy FW + EventLogs via Monitorware ->syslog serv

Who is online