Firewall Analyzer - Microsoft ISA log analyzer software

Firewall Analyzer, a Microsoft ISA analyzer tool, analyzes the logs of Microsoft ISA server (or Forefront threat management gateway server) and generates security and traffic reports.
Firewall Analyzer supports the following logs from the components of the Microsoft ISA server:

  1. Packet filters
  2. ISA server firewall service
  3. ISA server web proxy service

Apart from Microsoft ISA server logs, it analyzes logs from various network periphery security devices such as firewalls, proxy servers, IDS, IPS and VPNs.

Firewall Analyzer, an ISA log analyzer, supports the W3C extended log file format and the ISA server file log format. The ISA server firewall service supports the W3C extended log file format, and only the ISA server web proxy service supports the ISA server file log format. Depending on your requirement, you have to configure Microsoft ISA servers to use one of these log formats.

After configuration, you can manually import the ISA firewall log file into Firewall Analyzer or use the periodic import provision. If you want Firewall Analyzer to import the ISA server logs periodically, use the FTP import provision in 'Remote Host', with a time interval longer than the time interval set in the ISA Server.

Microsoft ISA firewall logs reveal a great deal of information about the nature of traffic coming in and going out of the firewall, helping you strengthen network security. Analyzing these firewall logs is vital to understanding network security and bandwidth usage, and plays an important role in optimizing business use. Firewall Analyzer offers many features that help in collecting, analyzing and reporting on Microsoft ISA server logs.

Firewall Analyzer, an ISA log viewer, generates the following ISA log reports for network security and traffic from the Microsoft ISA firewall logs:

Security reports:

  • Security
  • Virus
  • Attack
  • Spam

Traffic reports:

  • Intranet and internet
  • Protocol-wise
  • User-wise
  • VPN
  • Trend

Monitoring Microsoft ISA server traffic

Firewall Analyzer, an ISA server traffic monitoring tool, generates traffic reports. The ISA server log monitoring tool makes full use of the exhaustive bandwidth information provided by the firewall to produce extensive traffic reports.

You can use the ISA server bandwidth monitoring reports to augment bandwidth. Firewall Analyzer also generates ISA server user monitoring reports.

User-wise traffic:

The user-wise report of the ISA log file analyzer tool provides at-a-glance information about the top 10 users consuming bandwidth and, when expanded, shows the bandwidth consumption of all users. You can analyze the reason for high bandwidth consumption and take the necessary measures to optimize its use.

Protocol-wise traffic:

The protocol-wise report of the ISA server log analyzer tool indicates when any sparingly used protocol is consuming more bandwidth than the average for each protocol. Protocols like video streaming consume more bandwidth, limiting the bandwidth required for other business processes. If the Telnet and FTP protocols are being used excessively, it can indicate that a network is vulnerable to attacks.

Country-wise traffic:

The country-wise traffic report of the ISA log file analyzer gives the list of countries by bandwidth usage. If you find that the traffic is from a region with a track record of network attacks, you can take protective measures to reduce the traffic.

VPN reports:

View the big picture of VPN usage. You can find who is using a VPN, which VPN user group is using a VPN, and which users have been denied VPN access.
These ISA log reports will help you prioritize critical business bandwidth usage.

 

With all these features, Firewall Analyzer is a comprehensive solution to meet your ISA server monitoring needs. Get started now with a free trial of Firewall Analyzer.

Refer to the Configure Microsoft ISA server help page to import logs from Microsoft ISA server into Firewall Analyzer.

 

 
