
Where are these intrusion logs in ISA2k???

MulLa

Golden Member
Hi all,

I am trying to find where ISA2k stores all the intrusion logs. Basically what I've done was:

1. Under properties of IP packet filter, ticked the enable intrusion detection check box.
2. Under the intrusion detection tab, selected all types of attacks and left the default settings in the two "Detect After Attacks On" text boxes.
3. Haven't touched the preconfigured "Intrusion Detected" action, which is supposed to log a message to the W2k event log.

After doing all that I went to the grc.com website and scanned myself and didn't find any entries in event viewer. Asked a friend to scan me and I also haven't noticed any entries!!

Now my question is... Which log in the event viewer should these alerts be logged? I'd imagine in the security log. But it's empty... Or have I missed something in configuring the logging in ISA?

Just thought of this, do I need to enable anything in the GPO as well for the logs???


Many many thanks for any suggestions.
 
Thanks for the reply, sorry haven't had time to check back sooner.

I have looked through the article but it only refers to logging and hasn't got any reference to 'alerts' that are supposed to be entered into event viewer. Do you know if the 'attack attempts' are supposed to be logged in the ISA logs or entered into event viewer, since the configuration of the "Intrusion Detected" action seemed to suggest that it's logged under the event viewer?
 