For ISA Server 2006 Enterprise Edition, for
enterprise-level requests, expand Microsoft Internet Security
and Acceleration Server 2006, expand Enterprise,
expand Enterprise Policies, and then click
For ISA Server 2006 Enterprise Edition, for array-level
requests, expand Microsoft Internet Security and Acceleration
Server 2006, expand Arrays, expand
Array_Name, and then click Firewall
For ISA Server 2006 Standard Edition, expand Microsoft
Internet Security and Acceleration Server 2006, expand
Server_Name, and then click Firewall
In the details pane, click the rule for which logging should be
On the Tasks tab, click Edit Selected Rule.
On the Action tab, select the Log requests matching
this rule check box.
To open ISA Server Management, click Start, point to
All Programs, point to Microsoft ISA Server, and then
click ISA Server Management.
If a large amount of data is being logged from a specific
protocol or source, you can create a new rule, which applies to
that type of traffic, for which requests are not logged. For
example, suppose your policy does not allow DHCP requests, and as a
result, there are many DHCP requests that are being denied. You can
create a new access rule that denies DHCP requests, but does not
log the requests.
By disabling logging for a specific rule, you effectively
reduce the load on the ISA Server computer if it is under attack.
However, note that if you disable logging on the default deny rule,
ISA Server cannot detect port scan attacks.