Friday, November 30, 2012 7:05 PM
We are using ISA2006 as a firewall. Our company policy it not allowing anyuse to download cracked application.
So, I am assuming that ISA server is saving all the things that users do on the web, so how can I check the ISA logs to find out which user is trying to download the cracked appliction.
Friday, November 30, 2012 8:42 PM
you can use the ISA Server realtime logging to see network traffic on the ISA Server but it will be hard to find users which downloaded cracked application. How do you know that the download contains a cracked application?
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
Saturday, December 01, 2012 1:38 AM
Netfee for ISA/TMG. You can set warn rule to show all of .exe file downloaded.
Sunday, December 02, 2012 7:53 PM
You can configure your ISA server to store its logs in a central SQL database: http://support.microsoft.com/kb/838710
Once done, you can develop and create your own queries to get all the needed information.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Sunday, December 02, 2012 8:03 PM
Hi Mr X,
I do not want to use third party tools, I checked the link you provided, however what information will be saved in the d DB?
Do the username and the information he browsed the net will be saved in this DB?
Many thanks Mr X
Monday, December 03, 2012 5:30 AMModerator
Thank you for the post.
You may create your own queries for SQL to get you want. here is no specific documentation on TMG to do that since it is a more a SQL type of procedure. Here are the fields that are logged on the SQL database:
Web Proxy Log fields: http://technet.microsoft.com/en-us/library/cc441708.aspx
Firewall Log Fields: http://technet.microsoft.com/en-us/library/cc441692.aspx
Nick Gu - MSFT
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Wednesday, December 05, 2012 5:31 AM
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Thursday, December 06, 2012 9:10 AM