In addition to the robust Logging mechanism, the ISA Monitoring Node also contains various tabs that link to other extended troubleshooting and monitoring tools. Each of these tools performs unique functions, such as generating reports, alerting administrators, or verifying connectivity to critical services. It is therefore important to understand how each of these tools works.

Customizing the ISA Dashboard

The ISA Dashboard, shown in Figure 19.1, provides for quick and comprehensive monitoring of a multitude of ISA components from a single screen. The view is customizable, and clicking on the Arrow buttons in the upper right corner of individual components expands or collapses them. All the individual ISA Monitoring elements are summarized here.

TIP

The ISA Dashboard is the logical "parking" page for ISA Administrators, who can leave the screen set at the Dashboard to allow for quick-glance views of ISA health.

Monitoring and Customizing Alerts

The Alerts tab, shown in Figure 19.9, lists all the status alerts that ISA has generated while it has been in operation. It is beneficial to look through these alerts on a regular basis, and acknowledge them when it's no longer necessary to display them on the Dashboard. If alerts need to be permanently removed, they can be reset instead. Resetting or acknowledging alerts is as simple as right-clicking on them and choosing Reset or Acknowledge.

Figure 19.9. Viewing the ISA Alerts tab.

Alerts appear in this list because their default alert definition specified an action to display them in the console. This type of alert behavior is completely customizable, and alerts can be made to perform the following actions:
For example, it may be necessary to force a stop of the firewall service if a specific type of attack is detected. Configuring alert definitions is relatively straightforward. For example, the following process illustrates how to create an alert that sends an email to an administrator when a SYN attack is detected:
As is evident from the list, a vast number of existing Alert definitions can be configured, and a large number of thresholds can be set. In addition, clicking the Add button on the Alerts Properties dialog box and following the wizard makes it possible to configure customized alerts. This allows for an even greater degree of personalization.

Monitoring Session and Services Activity

The Services tab, shown in Figure 19.12, offers a quick-glance view of the ISA Services: whether they are running and how long they have been up since last being restarted. The services can also be stopped and started from this tab.

Figure 19.12. Monitoring ISA Services.

The Sessions tab allows for more interaction: individual unique sessions to the ISA Server can be viewed and disconnected as necessary. For example, it may be necessary to disconnect any users who are on a VPN connection if a change to the VPN policy has just been issued. VPN clients that have already established a session with the ISA Server are subject only to the VPN policy that was in effect when they originally logged in. To disconnect a session, right-click on it and choose Disconnect Session, as shown in Figure 19.13.

Figure 19.13. Disconnecting a Session.

Creating Connectivity Verifiers

Connectivity verifiers can be a useful way of extending ISA's capabilities to include monitoring of critical services within an environment, such as DNS, DHCP, HTTP, or other custom services. Connectivity verifiers are essentially a "quick and dirty" approach to monitoring an environment with very little cost because they take advantage of ISA's alerting capabilities and the Dashboard to display the verifiers. For example, the following step-by-step process illustrates setting up a connectivity verifier that checks the status of an internal web server.
After they are created, connectivity verifiers that fit into the major group types are reflected on the Dashboard. Creating multiple connectivity verifiers in each of the common group types can make the Dashboard a more effective monitoring tool.