Hi all,
I am trying to find where ISA2k stores all the intrusion logs. Basically what I've done is:
1. Under properties of IP packet filter, ticked the enable intrusion detection check box.
2. Under intrusion detection tab, selected all types of attacks and left the default settings on the two "Detect After Attacks On" text boxes.
3. Haven't touched the preconfigured "Intrusion Detected" action, which is supposed to log a message to the W2k event log.
After doing all that I went to the grc.com website and scanned myself and didn't find any entries in event viewer. Asked a friend to scan me and also I haven't noticed any entries!!
Now my question is... Which log in the event viewer should these alerts be logged in? I'd imagine in the security log. But it's empty... Or have I missed something in configuring the logging in ISA?
Just thought of this, do I need to enable anything in the GPO as well for the logs???
Many many thanks for any suggestions.