ISA in SBS - yes, it's secure

A central location for SBS ISA specific configuration information relevant to small consulting practices and others smart enough to use the best technology in the world.


Wednesday, June 22, 2005

Cut Back on ISA 2004 Log Noise

If you've taken a look at the cool new live log view in the ISA Manager, you've surely noticed that a majority of the log information is white noise and not very interesting. You can reduce the amount of white noise in the log by limiting which rules are being logged. This will also have the bonus effect of reducing the amount of space that the logs are taking up on your server.

One of the biggest noise makers in the log is the rule Allow Access from Trusted Computers to the Firewall Client installation share on ISA Server. It includes the protocols CIFS (TCP and UDP), NetBIOS name service, NetBIOS datagram and NetBIOS session. Logging this information really isn't going to help you troubleshoot your ISA server. However, if you find you really need this information, you can always turn the logging back on.

To turn off logging for this rule, you first have to be able to see the rule. Rules created by system policy are hidden by default. To unhide them, while in Firewall Policy, go to View and click Show System Policies. They'll now appear at the top of the list in the Firewall Policy pane. Right-click the policy Allow Access from Trusted Computers to the Firewall Client installation share on ISA Server, and select Properties. Go to the Action tab and uncheck Log requests matching this rule. Click OK and then click the Apply button at the top of the page.

Now you'll be better able to spot the important stuff.
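
To see which rules actually produce the most log lines before you silence any of them, you can tally an exported log by rule name. This is an added example, not part of the original post: it assumes a tab-separated W3C-style text log whose `#Fields:` line names a column called `rule`, and the sample rows and the two "Example ..." rule names are constructed.

```python
from collections import Counter

# Rule name taken from the post; every other value below is constructed.
SHARE_RULE = ("Allow access from trusted computers to the "
              "Firewall Client installation share on ISA Server")
_rows = [SHARE_RULE] * 6 + ["Example web access rule"] * 2 + ["Example deny rule", "-"]

# Constructed sample log (assumed layout: "#" directives, then tab-separated rows).
SAMPLE_LOG = "#Version: 1.0\n#Fields: date\ttime\taction\trule\n" + "".join(
    f"2005-06-22\t09:00:{i:02d}\tAllowed\t{rule}\n" for i, rule in enumerate(_rows)
)


def rule_counts(lines, rule_field="rule"):
    """Count log rows per rule, locating the column from the #Fields directive."""
    fields, counts = None, Counter()
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # A new directive may appear mid-file; always use the latest one.
            names = line[len("#Fields:"):].strip().split("\t")
            fields = [name.strip().lower() for name in names]
            continue
        if not line or line.startswith("#"):
            continue  # blank line or some other directive
        if fields is None or rule_field not in fields:
            raise ValueError("data row seen before a #Fields line with a rule column")
        cols = line.split("\t")
        idx = fields.index(rule_field)
        rule = cols[idx].strip() if idx < len(cols) else ""
        # "-" or an empty/truncated column means no rule name was recorded.
        counts[rule if rule not in ("", "-") else "(no rule)"] += 1
    return counts


def noise_report(counts):
    """Return (rule, rows, percent of all rows), noisiest rule first."""
    total = sum(counts.values())
    return [(rule, n, round(100.0 * n / total, 1)) for rule, n in counts.most_common()]


if __name__ == "__main__":
    for rule, n, pct in noise_report(rule_counts(SAMPLE_LOG.splitlines())):
        print(f"{pct:5.1f}%  {n:4d}  {rule}")
```

Run it over a log from before and after the change to confirm the rule's share of rows has dropped.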

