Why is the ISA "Destination Host Name" log field empty?

Why is the ISA "Destination Host Name" log field empty?

  • Comments 6
  • Likes
As you pore over your ISA logs looking for new and ever-more-interesting data, you may notice that the "Destination Host Name" field is empty for a great many log entries.  This fact is likely to prompt the question: "When is this field populated?"
 
Because of the way traffic is handled for the various ISA clients, there are only two instances where you should expect to see this log field populated:
  1. A Firewall client-enabled application makes a Winsock GetAddrInfo() or GxBy() call using the hostname or full-qualified domain name (FQDN) and the address is not already cached on the local host.
  2. A Web Proxy client makes an initial request using hostname or FQDN.
The hostname used by SecureNAT client applications is not logged because ISA never has this information.
 
Also, ISA Server cannot include the hostname for every single log entry, because it's not maintained as part of the connection object (if it's even known; see above).  So don't expect to see a destination hostname in every log entry.
 
This behavior is due to the way ISA clients make their requests to & through ISA.  The ISA help discusses this and there is an article series on isaserver.org that goes into greater detail.
Comments
  • Hi Jim,
    Nice post! Thanks!
    Tom

  • Is this right?

    "The ISA help discusses this and there is an article series on isatools.org that goes into greater detail"

    These aricles you mentioned are on the isaserver.org site or am i wrong?

    regards Marc

  • <oops> - you're right - the articles are indeed on isaserver.org.
    ..guess which URL I type more often...?
    :-p

  • Hi,

    this is FAQ, nice post,

    Thank you,

  • Hello! Very interesting. Thank you.

  • Yes; where we have a 100 MbpS device operating.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment