Access Denied: Activating the IAS Log
Learn about a Windows 2003 tool for scanning the IAS log and where to find documentation of the log's columns and codes.
November 9, 2003
To closely monitor our remote access connections, we've configured all our VPN servers to authenticate against our central Internet Authentication Service (IAS) server through Remote Authentication Dial-In User Service (RADIUS). Can you explain how to activate IAS logging and tell us where to find documentation to help us interpret the log?
To activate IAS logging, open the Microsoft Management Console (MMC) Internet Authentication Service snap-in and click the Remote Access Logging folder in the treeview pane. Right-click the Local File logging method in the details pane, and select Properties. On the Settings tab, which Web Figure 1 (http://www.winnetmag.com/windowssecurity, InstantDoc ID 40571) shows, select all three check boxes to enable full logging, then click the Local File tab. On that tab, which Web Figure 2 shows, select a time period to determine how frequently IAS starts a new log. I prefer to configure the time period to correspond to how frequently I check the log so that I don't have to scan more than one log each time I check. As you can see, IAS defaults to creating the log files in %winroot%\system32\logfiles.
Web Figure 3 shows a sample IAS log file. IAS begins each filename with IN and formats the filename according to the time period you select—for example, if you select the Daily time period, filenames use the INyymmdd.log format.
At the top of the Local File tab, you can specify a log-file format. In most cases, I recommend that you select the IAS Format check box, then use the Iasparse tool to analyze the log file. You can find Iasparse in the Windows Server 2003 Support\Tools folder on the Windows 2003 CD-ROM, in the Microsoft Windows Server 2003 Resource Kit, and in the Microsoft Windows Server 2000 Resource Kit.
If you plan to do heavy-duty analysis and reporting, you should select the Database compatible file format option, then import the log into a database such as Microsoft Access. If you take this approach, you'll need to understand the IAS log's columns and codes. You can find that documentation at http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_ias_log2a.htm.
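The database import described above, as an added example that is not from the article or from Microsoft: this Python code loads database-compatible records into SQLite (standing in for Access) and reports users with repeated Access-Reject records. The order of the first six fields is an assumption to confirm against the linked column documentation, and the sample records, host names and user names are constructed.

```python
import csv
import io
import sqlite3

# Assumed order of the first six database-compatible fields; confirm against
# the column documentation the article links before relying on it.
LEADING = ("computer", "service", "rec_date", "rec_time", "packet_type", "user_name")

# RADIUS packet codes (RFC 2865 and RFC 2866).
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 4: "Accounting-Request"}

# Constructed sample records, cut down to the leading fields plus one filler.
SAMPLE_LOG = r'''"VPN01","IAS",11/03/2003,08:14:02,1,"EXAMPLE\alice","x"
"VPN01","IAS",11/03/2003,08:14:02,2,"EXAMPLE\alice","x"
"VPN01","IAS",11/03/2003,09:30:10,3,"EXAMPLE\bob","x"
"VPN01","IAS",11/03/2003,09:30:41,3,"EXAMPLE\bob","x"
"VPN01","IAS",11/03/2003,09:31:05,3,"EXAMPLE\bob","x"
"VPN02","IAS",11/03/2003,10:02:17,3,"EXAMPLE\carol","x"

"VPN02","IAS",11/03
'''

def load_log(text):
    """Load log text into an in-memory SQLite table (standing in for Access)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ias (computer, service, rec_date, rec_time,"
               " packet_type INTEGER, user_name)")
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(LEADING):
            continue  # blank or truncated line, e.g. a record still being written
        db.execute("INSERT INTO ias VALUES (?,?,?,?,?,?)", row[:len(LEADING)])
    return db

def packet_counts(db):
    """Return {packet type name: record count}."""
    rows = db.execute("SELECT packet_type, COUNT(*) FROM ias GROUP BY packet_type")
    return {PACKET_TYPES.get(code, str(code)): n for code, n in rows}

def rejects_by_user(db, threshold=3):
    """Return (user, count) for users with at least `threshold` Access-Rejects."""
    return db.execute(
        "SELECT user_name, COUNT(*) FROM ias WHERE packet_type = 3"
        " GROUP BY user_name HAVING COUNT(*) >= ?"
        " ORDER BY COUNT(*) DESC, user_name", (threshold,)).fetchall()

if __name__ == "__main__":
    db = load_log(SAMPLE_LOG)
    print(packet_counts(db))
    print(rejects_by_user(db))
```

To run it against a real file, pass the contents of one INyymmdd.log file to `load_log` in place of `SAMPLE_LOG`.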