The Microsoft Firewall service failed to log information because the Firewall log does not exist - Microsoft.ISAServer.2006.The_Microsoft_Firewall_service_failed_to_log_information_because_the_Firewall_log_does_not

Microsoft.ISAServer.2006.The_Microsoft_Firewall_service_failed_to_log_information_because_the_Firewall_log_does_not_exist.Rule (Rule)

This Rule generates alerts when The Microsoft Firewall service failed to log information because the Firewall log does not exist

Knowledge Base article:

Summary

The Firewall service generates an event when it fails to log information to a text file.The first parameter of the event indicates the name of the logging component: Firewall or Web Proxy.

The second parameter of the event indicates the name of the text file.

The third parameter of the alert indicates the full path of the logging folder.

Causes

Logging to a text file can fail under the following circumstances:

Low resources on the computer.
There is not enough space on the logging disk drive.
The service does not have sufficient permissions to write to the logging folder.

Resolutions

Close other programs that are running. Use the Task Manager to check programs and processes that are using large amounts of system resources.
Delete unnecessary files from the logging disk drive.
Check that the configuration is valid.

External

For more information about ISA Server Logs, see the "Logs" topic in the ISA Server on-line help.

Element properties:

Target	Microsoft.ISAServer.2006.Logging.Text
Category	EventCollection
Enabled	True
Alert Generate	False
Remotable	True

Member Modules:

ID	Module Type	TypeId	RunAs
DS	DataSource	Microsoft.ISAServer.2006.Rule.AlertGenerate.DS	Default
WA	WriteAction	Microsoft.ISAServer.2006.Rule.AlertGenerate.WA	Default

Module Type

TypeId

RunAs

DataSource

Microsoft.ISAServer.2006.Rule.AlertGenerate.DS

Default

WriteAction

Microsoft.ISAServer.2006.Rule.AlertGenerate.WA

Default

Source Code:

<Rule ID="Microsoft.ISAServer.2006.The_Microsoft_Firewall_service_failed_to_log_information_because_the_Firewall_log_does_not_exist.Rule" Enabled="onEssentialMonitoring" Target="Microsoft.ISAServer.2006.Logging.Text" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100"> <Category>EventCollection</Category> <DataSources> <DataSource ID="DS" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.DS"> <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName> <LogName>Application</LogName> <EventsPattern>^(4)$</EventsPattern> <EventType>1</EventType> <SourcePattern>Microsoft Firewall</SourcePattern> </DataSource> </DataSources> <WriteActions> <WriteAction ID="WA" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.WA"> <AlertMessageId>$MPElement[Name="Microsoft.ISAServer.2006.The_Microsoft_Firewall_service_failed_to_log_information_because_the_Firewall_log_does_not_exist.AlertMessage"]$</AlertMessageId> <DomainName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName> <Priority>2</Priority> <Severity>2</Severity> </WriteAction> </WriteActions> </Rule>