Planning for monitoring IAG

  • Article

Applies To: Intelligent Application Gateway (IAG)

Whale Communication Intelligent Application Gateway (IAG) 2007 monitoring and logging tools enable network management and auditing at both the network and application levels, as follows:

  • The event logging mechanism logs IAG-related events to a variety of tools and output formats, including information about usage, user activities, and potential security risks. You can monitor SSL connection attempts in the Windows Event Viewer.

  • Web Monitor is a monitoring and reporting Web application that enables anywhere and anytime snapshot viewing of events, as well as event filtering and analyzing.

Event logging

The IAG event logging mechanism logs and records IAG-related events to a variety of tools and output formats. Using the event logs, you can gather information about system usage, monitor user activities, be alerted about security risks, troubleshoot IAG, and assist remote users if they encounter problems while accessing the internal resources protected by IAG. IAG-related events recorded by the event logging mechanism are categorized as follows:

  • System events—Including service startup, service shutdown, and changes to the configuration.

  • Security events—Including login success or failure, security policy violation or change, and password change.

  • Session events—Including the number of sessions that are open through a trunk, session start or stop, and other session-related items

Event logging reporters

The events logged by the event logging mechanism can be used by various reporters, as follows:

  • The built-in reporter enables you to log the events in a format that can be used by the Web Monitor. In the Web Monitor, you can query and filter the events logged by the reporter according to type, time, and more. For more information, see Logging IAG events to the built-in reporter.

  • The RADIUS reporter reports events to a RADIUS Accounting server, either any external RADIUS Accounting server or a Windows RADIUS Accounting server installed on IAG. For more information, see Logging IAG events to a RADIUS server.

  • The Syslog reporter reports events to an external industry-standard Syslog server. For more information, see Logging IAG events to a Syslog server.

  • The mail reporter sends e-mail messages regarding specific events via a Simple Mail Transfer Protocol (SMTP) server. For more information, see Logging IAG events to an SMTP server.

Event logging messages

Event logging messages are defined in a message definitions file. All the applicable IAG interfaces are configured to send the relevant message when required. For example:

  • A message is sent each time the configuration is changed in the IAG Configuration console.

  • A message is sent whenever a user logs on to an IAG site.

If required, you can edit the default messages, define additional messages, or send messages from your own interfaces, such as custom authentication pages. For more information, see Customizing IAG event messages.

Web Monitor

Web Monitor is a monitoring and reporting Web application that enables you to view IAG-related events both from within the organization and from remote locations by using a Web browser. Access from remote locations is secured by IAG security mechanisms, such as URL inspection. In sites where an IAG array is deployed, you can monitor each of the IAG servers within the array from a single Web Monitor.

A constantly updating snapshot of system, administrative, and remote user activities can be used to assist users online, and troubleshoot any problems they may encounter while accessing the internal network via IAG. You can zoom into a user’s session in real-time and pinpoint errors and situations that hinder usability. Remote access to Web Monitor using an IAG portal provides you with secure anytime and anywhere monitoring of system and user activities, and it enables you to render users assistance while away from the office. Logs and queries are used to analyze usability variations and trends over time.

For example: a user notifies you that they cannot log into an application. When you zoom into the user’s session, you find that the application’s access policy requires that the Attachment Wiper is installed on the endpoint computer, but the user’s computer does not comply with this policy. You can instruct the user to download and install the IAG client endpoint components when they next access the site. Thereafter, they are able to access the application smoothly.

For more information about enabling access to Web Monitor, see Connecting to the IAG Web Monitor. For more information about using Web Monitor, see Working with IAG Web Monitor.