Path to MS ISA Server/MS Forefront TMG log files
Internet Access Monitor for MS ISA Server/Forefront TMG works with ISA Server 2000, ISA Server 2004, ISA Server 2006 and Forefront TMG. During the import process, the program searches for log files matching the patterns *FWS*.*, IP*.log, and *WEB*.*.
For instance, FWSEXTD20030408.log.
Usually, MS ISA Server proxy server stores its log files in C:\Program Files\Microsoft ISA Server\ISAlogs or C:\Program Files\Microsoft Forefront Threat Management Gateway\Logs.
Configuring Microsoft ISA Server 2004/2006
To make Microsoft ISA Server 2004/2006 and Internet Access Monitor work together, configure the programs as follows:
If Microsoft ISA Server 2004/2006 stores its log files in MSDE format (the default), it is recommended to install Internet Access Monitor on the same computer. This is necessary because the program needs access to MSDE, which it uses to process MDF log files.
Importing log files from MSDE databases located on remote computers
Starting from version 3.8, Internet Access Monitor for MS ISA Server allows you to import ISA Server log files that are created and stored in the MSDE format (by default). Below you can see the step-by-step instructions that you should follow before you start importing data. If Internet Access Monitor and Microsoft ISA Server are running on one computer, do not do anything described below!
Important security notice
These instructions are for informational purposes only and must not be taken as recommendations. You should realize that some of the steps below can reduce the security of the computer MS ISA Server is running on. The Red Line Software company shall not be liable for possible damage caused or not caused through the use of these instructions.
MS ISA Server Configuration
Step 1. Providing network access to the ISALogs folder
The first thing you should do for IAM to be able to import log files from the remote computer is share the folder with MS ISA Server log files. It is recommended to use the standard name - ISALogs. In order to increase the safety of data, you can make the network name invisible by adding the “$” character at the end - ISALogs$
You must check the accessibility of the network name by executing the following command on the computer where the import operation will be performed: \\ServerName\ISALogs. If the list of files is visible, everything is correct.
Step 2. Providing access to MSDE via the TCP/IP protocol
MSDE and the computer that log files will be imported to communicate via the TCP/IP protocol. By default, this connection method is disabled on the MSDE instance that is installed together with MS ISA Server, so you need to enable it. To do so, run SVRNETCN.exe located in the folder "X:\Program Files\Microsoft SQL Server\80\Tool\Binn\", where X is the drive MS ISA Server is installed on.
Enable TCP/IP in the dialog box that you will see. Then select it, click the Properties button and make sure that port 1433 is specified:
Step 3. Creating rules allowing access to the ISA Server computer via Microsoft SQL protocols
Internet Access Monitor will try to establish a connection to the computer where MSDE is running. By default, ISA Server blocks this kind of access. So you have to create a special rule fixing this problem. For example, like this.
But it is better to add the computer to the "Remote Management Computers" computers set and create the following rule:
Step 4. Granting the right to read data from MSDE databases
If log files are imported by a user belonging to the Administrators group on the ISA Server computer, there is no need to grant any additional rights. Otherwise, you should do the following:
- Go to the computer with ISA Server
- Type the Visual Basic script below and save it anywhere on the disk. For example, as isamsde.vbs
- Edit the script according to the instructions below
- Run the script with the following command: cscript.exe isamsde.vbs
Step 5. Restarting the services
To apply the changes, you MUST stop and then start the Microsoft Firewall and Microsoft Data Engine services.
Attention! You should realize that network users will not be able to access the Internet while these services are being restarted.
Script
Below you can see the script granting a certain user or a group of users access to MSDE databases. Attention! There is an intentional mistake in the script, in particular, the account the permissions are granted to is not specified in it. So, before running it, you should open the script in any editor and insert the name of the actual account or user group that will import log files on the remote computer. After you make the changes, you should remove the comment from the script that causes the compilation error and run it.
You can download a copy of this script using the following link: http://www.Redline-Software.com/upload/products/iam/isamsde.vbs
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script grants access to all MSDE log databases for specified user
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit
Main

Sub Main
    Dim shell           ' A WshShell object
    Dim serverName      ' A String
    Dim cn              ' An ADODB Connection object
    Dim rs              ' An ADODB Recordset object
    Dim cmd             ' An ADODB Command object
    Dim cmdText         ' A String
    Dim dbNamesCounter  ' An Integer
    Dim dbNames(1000)   ' An Array
    Dim dbUser          ' A String
    Dim itemIndex       ' An Integer

    !!!!!Replace the variable value below with a real account or group name!. Then delete this line !!!!
    dbUser = "SERVER\User"

    WScript.Echo "Starting..."

    On Error Resume Next
    Set shell = CreateObject("WScript.Shell")
    If Err.Number <> 0 Then
        ReportError "creating the WshShell object."
        WScript.Quit
    End If
    On Error GoTo 0

    ' The script must be run with cscript.exe, not wscript.exe.
    If LCase(Right(WScript.FullName, 11)) <> "cscript.exe" Then
        WScript.Echo "Usage:" & VbCrLf _
            & " This script can be run from a command prompt " & VbCrLf _
            & " by entering the following command:" & VbCrLf _
            & " Cscript " & WScript.ScriptName
        WScript.Quit
    End If

    ' Get the name of the local ISA Server computer.
    On Error Resume Next
    serverName = shell.ExpandEnvironmentStrings("%ComputerName%")
    If Err.Number <> 0 Then
        ReportError "reading the %ComputerName% environment variable."
        WScript.Quit
    End If
    On Error GoTo 0

    ' Create and open an ADODB Connection object.
    ' The connection uses the Windows identity of the user running the script.
    Set cn = CreateObject("ADODB.Connection")
    cn.ConnectionTimeout = 25
    cn.Provider = "SQLOLEDB"
    cn.Properties("Data Source").Value = serverName & "\MSFW"
    cn.Properties("Integrated Security").Value = "SSPI"
    On Error Resume Next
    cn.Open
    If Err.Number <> 0 Then
        ReportError "opening a database connection."
        WScript.Quit
    End If

    ' Create an ADODB Command object.
    On Error Resume Next
    Set cmd = CreateObject("ADODB.Command")
    If Err.Number <> 0 Then
        ReportError "creating a Command object."
        WScript.Quit
    End If
    Set cmd.ActiveConnection = cn
    On Error GoTo 0

    ' Create and open an ADODB Recordset object to get the collection
    ' of active databases.
    Set rs = CreateObject("ADODB.Recordset")
    cmdText = "SELECT name FROM master.dbo.sysdatabases WHERE (name like 'ISALOG_%') or (name like 'model')"
    On Error Resume Next
    rs.Open cmdText, cn
    If Err.Number <> 0 Then
        ReportError "selecting active databases list."
        WScript.Quit
    End If
    On Error GoTo 0

    ' Iterate through the databases list, fill array of database names
    rs.MoveFirst
    dbNamesCounter = 0
    Do While Not rs.EOF
        dbNames(dbNamesCounter) = rs("name")
        dbNamesCounter = dbNamesCounter + 1
        rs.MoveNext
    Loop
    rs.Close

    ' Iterate through the databases list, granting access
    For itemIndex = 0 To UBound(dbNames)
        If Not(dbNames(itemIndex)) = Empty Then
            GrantUserAccessToDB cmd, dbNames(itemIndex), dbUser
        End If
    Next

    WScript.Echo "Done."
End Sub

' Grants access to database for specified user
Sub GrantUserAccessToDB(cmd, dbName, dbUser)
    WScript.Echo "Updating " & dbName & " ..."

    cmd.CommandText = "use " & dbName
    WScript.Echo " >" & cmd.CommandText
    On Error Resume Next
    cmd.Execute
    If Err.Number <> 0 Then
        ReportError "attempting to change context to " & dbName & "."
        WScript.Quit
    End If
    On Error GoTo 0

    ' Grant database login permission to user
    cmd.CommandText = "exec sp_grantlogin '" & dbUser & "'"
    WScript.Echo " >" & cmd.CommandText
    On Error Resume Next
    cmd.Execute
    If Err.Number <> 0 Then
        ReportError "attempting to grant database login permission to " & dbUser & "."
    End If
    On Error GoTo 0

    ' Map the login to a user in the current database
    cmd.CommandText = "exec sp_grantdbaccess '" & dbUser & "'"
    WScript.Echo " >" & cmd.CommandText
    On Error Resume Next
    cmd.Execute
    If Err.Number <> 0 Then
        ReportError "granting access for " & dbUser & " to " & dbName & "."
    End If
    On Error GoTo 0

    ' Add the user to the read-only db_datareader role
    cmd.CommandText = "exec sp_addrolemember 'db_datareader','" & dbUser & "'"
    WScript.Echo " >" & cmd.CommandText
    On Error Resume Next
    cmd.Execute
    If Err.Number <> 0 Then
        ReportError "adding reader role for " & dbUser & " to " & dbName & "."
    End If
    On Error GoTo 0
End Sub

' Prints the current Err details and clears the error
Sub ReportError(message)
    WScript.Echo " ------------------------------------------ " & vbCrLf _
        & " | An error was encountered while " & message & vbCrLf _
        & " | Number : " & Hex(Err.Number) & vbCrLf _
        & " | Description : " & Err.Description & vbCrLf _
        & " ------------------------------------------ "
    Err.Clear
End Sub
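To check what the script actually granted, the following T-SQL (an added example, not part of the Red Line Software script) lists the Windows logins on the MSFW instance and the members of db_datareader in every database the script touches, with the matching rollback calls in comments. It assumes the MSDE 2000 system tables and procedures and an administrator connection on the ISA Server computer; SERVER\User is the placeholder account from the script.

```sql
-- Added example: audit read access on the ISA Server MSDE log databases.
SET NOCOUNT ON

-- Windows logins known to the instance (sp_grantlogin adds rows here).
SELECT name, isntgroup, sysadmin
FROM master.dbo.syslogins
WHERE isntname = 1

-- Same column layout that sp_helprolemember returns, plus the database name.
CREATE TABLE #readers (
    db         sysname NULL,
    DbRole     sysname,
    MemberName sysname,
    MemberSID  varbinary(85)
)

DECLARE @db sysname, @sql nvarchar(600)

-- Same database filter as isamsde.vbs: active log databases plus model.
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM master.dbo.sysdatabases
    WHERE name LIKE 'ISALOG_%' OR name = 'model'

OPEN dbs
FETCH NEXT FROM dbs INTO @db
WHILE @@FETCH_STATUS = 0
BEGIN
    -- USE inside EXEC() changes context only for that dynamic batch.
    SET @sql = N'USE ' + QUOTENAME(@db)
             + N' EXEC sp_helprolemember ''db_datareader'''
    INSERT INTO #readers (DbRole, MemberName, MemberSID) EXEC (@sql)
    UPDATE #readers SET db = @db WHERE db IS NULL
    FETCH NEXT FROM dbs INTO @db
END
CLOSE dbs
DEALLOCATE dbs

-- One row per database and account that can read the logs.
SELECT db, MemberName FROM #readers ORDER BY db, MemberName
DROP TABLE #readers

-- Rollback for one account (placeholder name), run in each database listed:
--   EXEC sp_droprolemember 'db_datareader', 'SERVER\User'
--   EXEC sp_revokedbaccess 'SERVER\User'
-- and once, in master, to remove the server login:
--   EXEC sp_revokelogin 'SERVER\User'
```

Because the script also grants access in model, every log database ISA Server creates afterwards inherits the reader account, so the rollback has to include model as well.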
Internet Access Monitor Configuration
The program requires no special configuration.
Comments
Importing from MSDE databases located on a remote computer is a bit different from the variant when both programs (ISA Server and Internet Access Monitor) are installed on one computer. Since access to the database is read-only, IAM cannot connect new databases to SQL Server from the remote computer. So, if there is a log file in the MSDE format in the ISALogs folder, but it is too old and ISA Server has already excluded this file from the list of active ones, it will not be imported. To solve this problem, you should either manually connect the database file to the server (exec sp_attach_single_file_db 'DBName', 'DBFileName') or install the program on the same computer where ISA Server is running. Due to this problem, it is recommended to configure the Internet Access Monitor scheduler to import log files every day.
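The manual attach mentioned above, written out as T-SQL (an added example, not from the original page): it skips the attach when the database name or file is already registered on the instance and then shows which accounts can read the database. The database name and file path are placeholders to be replaced with the real values.

```sql
-- Added example: re-attach an old ISA log database for a read-only importer.
-- @db and @mdf are placeholders, not real ISA Server database or file names.
SET NOCOUNT ON
DECLARE @db sysname, @mdf nvarchar(260), @sql nvarchar(600)
SET @db  = N'ISALOG_PLACEHOLDER'
SET @mdf = N'C:\Program Files\Microsoft ISA Server\ISAlogs\ISALOG_PLACEHOLDER.mdf'

-- Attach only if neither the name nor the file is already known to the instance.
IF EXISTS (SELECT 1 FROM master.dbo.sysdatabases
           WHERE name = @db OR filename = @mdf)
    PRINT 'Already attached: ' + @db
ELSE
    EXEC sp_attach_single_file_db @dbname = @db, @physname = @mdf

-- Show who can read the database. If the importing account is missing,
-- run isamsde.vbs again: its ISALOG_% filter now includes this database.
IF EXISTS (SELECT 1 FROM master.dbo.sysdatabases WHERE name = @db)
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db)
             + N' EXEC sp_helprolemember ''db_datareader'''
    EXEC (@sql)
END
```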
One more important issue is the correct path to log files in Internet Access Monitor. In case MSDE log files are imported from the remote computer, you must use UNC paths to log files. The variant with mounting a network drive will not work correctly. An example of paths to log files specified correctly:
Configuring Microsoft Forefront Threat Management Gateway
To make Microsoft Forefront Threat Management Gateway and Internet Access Monitor work together, configure the programs as follows:
Configuring Microsoft ISA Server 2000
To make Microsoft ISA Server 2000 and Internet Access Monitor work together, configure the programs as follows:
