You accomplish event monitoring in ISA Server through Event Viewer, a built-in administrative tool. In this section we explore first how to monitor and then how to analyze events. To open Event Viewer, select Event Viewer from the Administrative Tools menu.
You can start and stop ISA Server services through the ISA Management console, the Services Microsoft Management console (MMC), or from a command line. Each time a service status changes, an event is created. All ISA Server events are written to the Application log in Event Viewer. As a network administrator, whether you're determining the cause of a problem or merely checking on past server activity, Event Viewer is your primary resource.
In the earlier section in this chapter entitled "Alerts" we took an in-depth look at the role of alerts in ISA Server. All 56 alerts are preconfigured to write an event to the Application log. Because of the variety of events maintained in Event Viewer, it's nearly impossible to gain knowledge of each type of ISA Server event. For many network administrators, knowing the meaning of every event isn't as important as knowing where to find the information to resolve the event. Microsoft has collected lists of events for each of the ISA services and has made those events available in ISA Server Help. To locate more information within ISA Server Help, type Event Messages into the search field.
In the Microsoft Support Center, located at http://support.microsoft.com, you can perform searches against an indexed catalog of support articles related to ISA Server. As most event descriptions seem cryptic, your search results against the Microsoft Knowledge Base will help discover support articles that provide more detailed explanations of the problem, cause, and resolution.
A great way to stay informed of events is to implement an event monitoring solution such as Microsoft Operations Manager 2005 (MOM), which makes available a management pack specifically for ISA Server. For more information on MOM, see Chapter 18.