This Rule generates alerts when The Microsoft Firewall service failed to log information because the Firewall log does not exist
The Firewall service generates an event when it fails to log information to a text file.The first parameter of the event indicates the name of the logging component: Firewall or Web Proxy.
The second parameter of the event indicates the name of the text file.
The third parameter of the alert indicates the full path of the logging folder.
Logging to a text file can fail under the following circumstances:
Low resources on the computer.
There is not enough space on the logging disk drive.
The service does not have sufficient permissions to write to the logging folder.
Close other programs that are running. Use the Task Manager to check programs and processes that are using large amounts of system resources.
Delete unnecessary files from the logging disk drive.
Check that the configuration is valid.
For more information about ISA Server Logs, see the "Logs" topic in the ISA Server on-line help.
Target | Microsoft.ISAServer.2006.Logging.Text |
Category | EventCollection |
Enabled | True |
Alert Generate | False |
Remotable | True |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.ISAServer.2006.Rule.AlertGenerate.DS | Default |
WA | WriteAction | Microsoft.ISAServer.2006.Rule.AlertGenerate.WA | Default |
<Rule ID="Microsoft.ISAServer.2006.The_Microsoft_Firewall_service_failed_to_log_information_because_the_Firewall_log_does_not_exist.Rule" Enabled="onEssentialMonitoring" Target="Microsoft.ISAServer.2006.Logging.Text" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(4)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>Microsoft Firewall</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.ISAServer.2006.The_Microsoft_Firewall_service_failed_to_log_information_because_the_Firewall_log_does_not_exist.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>2</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>