Monitoring ISA from the ISA Console


In addition to the robust Logging mechanism, the ISA Monitoring Node also contains various tabs that link to other extended troubleshooting and monitoring tools. Each of these tools performs unique functions, such as generating reports, alerting administrators, or verifying connectivity to critical services. It is therefore important to understand how each of these tools works.

Customizing the ISA Dashboard

The ISA Dashboard, shown in Figure 19.1, provides for quick and comprehensive monitoring of a multitude of ISA components from a single screen. The view is customizable, and clicking on the Arrow buttons in the upper right corner of individual components expands or collapses them. All the individual ISA Monitoring elements are summarized here.

TIP

The ISA Dashboard is the logical "parking" page for ISA Administrators, who can leave the screen set at the Dashboard to allow for quick-glance views of ISA health.


Monitoring and Customizing Alerts

The Alerts tab, shown in Figure 19.9, lists all the status alerts that ISA has generated while it has been in operation. It is beneficial to look through these alerts on a regular basis, and acknowledge them when it's no longer necessary to display them on the Dashboard. If alerts need to be permanently removed, they can be reset instead. Resetting or acknowledging alerts is as simple as right-clicking on them and choosing Reset or Acknowledge.

Figure 19.9. Viewing the ISA Alerts tab.


Alerts appear in this list because their default alert definition specifies an action to display them in the console. This type of alert behavior is completely customizable, and alerts can be made to perform the following actions:

  • Send email

  • Run a program

  • Report to Windows Event log

  • Stop Selected Services

  • Start Selected Services

For example, it may be necessary to force a stop of the firewall service if a specific type of attack is detected. Configuring alert definitions is relatively straightforward. For example, the following process illustrates how to create an alert that sends an email to an administrator when a SYN attack is detected:

1. From the Alerts tab of the ISA Monitoring Node, select the Tasks tab in the Tasks pane.

2. Click the link for Configure Alert Definitions.

3. Under the Alert definitions dialog box, shown in Figure 19.10, choose SYN Attack and click Edit.

Figure 19.10. Creating a custom alert definition.

4. Choose the Actions tab from the SYN Attack Properties dialog box.

5. Check the Send E-mail box.

6. Enter the SMTP Server in the organization field, then enter the information in the From, To, and CC fields, similar to what is shown in Figure 19.11.

Figure 19.11. Modifying a custom alert definition.

7. Click the Test button to try the settings, and then click OK to acknowledge a successful test.

8. Click OK, OK, Apply, and OK to save the settings.

As is evident from the list, a vast number of existing Alert definitions can be configured, and a large number of thresholds can be set. In addition, clicking the Add button on the Alerts Properties dialog box and following the wizard makes it possible to configure customized alerts. This allows for an even greater degree of personalization.

Monitoring Session and Services Activity

The Services tab, shown in Figure 19.12, offers a quick-glance view of the ISA Services: whether they are running and how long they have been up since last being restarted. The services can also be stopped and started from this tab.

Figure 19.12. Monitoring ISA Services.


The Sessions tab allows for more interaction: individual sessions to the ISA Server can be viewed and disconnected as necessary. For example, it may be necessary to disconnect any users who are on a VPN connection if a change to the VPN policy has just been issued. VPN clients that have already established a session with the ISA Server are subject only to the VPN policy that was in effect when they originally logged in. To disconnect a session, right-click on it and choose Disconnect Session, as shown in Figure 19.13.

Figure 19.13. Disconnecting a Session.


Creating Connectivity Verifiers

Connectivity verifiers can be a useful way of extending ISA's capabilities to include monitoring of critical services within an environment, such as DNS, DHCP, HTTP, or other custom services. Connectivity verifiers are essentially a "quick and dirty" approach to monitoring an environment with very little cost because they take advantage of ISA's alerting capabilities and the Dashboard to display the verifiers.

For example, the following step-by-step process illustrates setting up a connectivity verifier that checks the status of an internal web server.

1. In the Monitoring tab of the ISA Console, click on the Connectivity tab of the Details pane.

2. In the Tasks tab of the Tasks pane, click the Create New Connectivity Verifier link.

3. Enter a name for the connectivity verifier, such as Web Server Verifier, and click Next.

4. Under the Connectivity Verification Details dialog box, enter the server FQDN, the Group type (which simply determines how it is grouped on the Dashboard), and what type of verification method to use, in this case an HTTP GET request, as shown in Figure 19.14.

Figure 19.14. Configuring an HTTP Connectivity Verifier.

5. Click Finish.

6. Click Yes when prompted to turn on the rule that allows ISA Server to connect via HTTP to selected servers.

7. Click Apply and OK.

After they are created, connectivity verifiers that fit into the major group types are reflected on the Dashboard. Creating multiple connectivity verifiers in each of the common group types can make the Dashboard a more effective monitoring tool.
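The kind of check an HTTP GET verifier performs can be reproduced outside the console, which is useful for confirming a target answers before a verifier is created for it. The following Python sketch is an added example, not code from the book or from ISA Server; the state names, the thresholds, and the throwaway local test server are assumptions of the example.

```python
import threading, time, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Go direct: a health check routed through a proxy tests the proxy, not the server.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def verify_http(url, timeout_s=5.0, slow_s=1.0):
    """Issue one GET and classify the result.

    Returns 'ok', 'slow' (answered, but took longer than slow_s),
    'error' (server answered with a 4xx/5xx status) or 'unreachable'
    (refused, DNS failure, or no answer within timeout_s).
    Thresholds are assumptions of this example, not ISA defaults.
    """
    start = time.monotonic()
    try:
        with _OPENER.open(url, timeout=timeout_s) as resp:
            resp.read(1)                       # require that body data arrives
    except urllib.error.HTTPError as exc:      # subclass of URLError: catch first
        exc.close()
        return "error"
    except (urllib.error.URLError, OSError):
        return "unreachable"
    return "slow" if time.monotonic() - start > slow_s else "ok"


class _Handler(BaseHTTPRequestHandler):        # constructed test server
    def do_GET(self):
        if self.path == "/slow":
            time.sleep(0.6)                    # simulate a struggling service
        self.send_response(500 if self.path == "/broken" else 200)
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):              # keep the demo quiet
        pass


def demo():
    """Run the check against a local server on 127.0.0.1 (constructed input)."""
    server = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        results = {path: verify_http(base + path, timeout_s=2.0, slow_s=0.3)
                   for path in ("/", "/slow", "/broken")}
    finally:
        server.shutdown()
        server.server_close()
    results["closed-port"] = verify_http(base + "/", timeout_s=2.0)
    return results


if __name__ == "__main__":
    print(demo())
```
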



    Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
    ISBN: 067232718X
    EAN: 2147483647
    Year: 2005
    Pages: 216
    Authors: Michael Noel
