NAP Reporting

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

NAP reporting provides essential information about the overall health state of your network, including the level of compliance, the number of NAP transactions, and any risks that might be present. A well-designed NAP reporting infrastructure can help you address potential problems before they are serious, and resolve problems quickly. For information about the different types of NAP reports and an example of a NAP reporting design, see Track Compliance with Security Policies.

NAP event logging

NAP events are logged by the NAP health policy server as NPS events. For each of the following RADIUS packet types NPS writes one log entry, and each entry carries the detailed client information (including the NAP health evaluation result) as an XML document:

  • Access request

  • Access accept

  • Access reject

  • Accounting requests (start, stop, interim)

Important

For detailed information about managing NPS logging in Windows Server 2008 and Windows Server 2008 R2, see Managing Accounting in NPS (https://go.microsoft.com/fwlink/?LinkID=182588).
For more information about interpreting log files, see Interpret NPS Database Format Log Files (https://go.microsoft.com/fwlink/?LinkID=182592).

NPS can log data in text or SQL-compatible formats. Although it is possible to generate reports from text logs, NAP reporting is much simpler when you choose to log in SQL format. To build NAP reports using SQL, you must configure NPS to perform SQL Server logging. The following sections describe components of a NAP reporting infrastructure and some of the options that are available with SQL Server logging.

Components of NAP reporting

A NAP reporting infrastructure requires the following components:

  • NPS. A NAP health policy server that has been configured to perform SQL Server logging.

  • SQL Server. The computer running Microsoft® SQL Server™ or SQL Server Express where the NPS log data is stored.

  • SQL Server Reporting Services. A computer running Microsoft SQL Server Reporting Services where your configured SQL Server reports will be stored.
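The following T-SQL script is an added example, not code from the original page or from Microsoft, showing the SQL Server side of the logging pipeline described above: NPS delivers every logged RADIUS packet (the list under "NAP event logging") as a single XML document by calling a stored procedure named report_event in the target database, and that procedure is the administrator's to write. The database, table and column names are this example's own choices; the XML element names Packet-Type, Acct-Status-Type, User-Name, Client-IP-Address, Computer-Name and Timestamp are the NPS attribute names, while NAP-Policy-Name and Quarantine-State are assumed here and should be verified against your own log output. The login CONTOSO\NPS1$ and the sample event at the end are constructed for illustration. The script targets SQL Server 2008 and later.

```sql
-- Added example: minimal SQL Server schema and report_event procedure for NPS/NAP logging.
-- NPS calls report_event with one parameter holding the XML event document.
CREATE DATABASE NapLog;
GO
USE NapLog;
GO

-- One row per logged RADIUS packet. RawXml keeps the full document so that attributes
-- not shredded into columns here are still available for later reports.
CREATE TABLE dbo.NapEvents (
    EventId         int IDENTITY(1,1) PRIMARY KEY,
    EventTime       datetime      NULL,
    ComputerName    nvarchar(255) NULL,   -- NPS server that wrote the entry
    PacketType      int           NULL,   -- 1 Access-Request, 2 Access-Accept, 3 Access-Reject, 4 Accounting-Request
    AcctStatusType  int           NULL,   -- accounting only: 1 Start, 2 Stop, 3 Interim-Update
    UserName        nvarchar(255) NULL,
    ClientIPAddress varchar(45)   NULL,   -- RADIUS client (NAP enforcement point) address
    NapPolicyName   nvarchar(255) NULL,   -- assumed element name, see lead-in
    QuarantineState int           NULL,   -- raw integer as logged; code meanings are in the linked NPS log format reference
    RawXml          xml           NOT NULL
);
GO

-- NPS passes the document as a long Unicode text parameter; convert it to xml and shred it.
CREATE PROCEDURE dbo.report_event
    @doc_xml ntext
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @x xml = CAST(CAST(@doc_xml AS nvarchar(max)) AS xml);

    INSERT INTO dbo.NapEvents
        (EventTime, ComputerName, PacketType, AcctStatusType, UserName,
         ClientIPAddress, NapPolicyName, QuarantineState, RawXml)
    SELECT
        -- Assumption: NPS writes the timestamp as mm/dd/yyyy hh:mm:ss.fff (US order, style 101).
        CONVERT(datetime, @x.value('(/Event/Timestamp)[1]', 'nvarchar(50)'), 101),
        @x.value('(/Event/Computer-Name)[1]',      'nvarchar(255)'),
        @x.value('(/Event/Packet-Type)[1]',        'int'),
        @x.value('(/Event/Acct-Status-Type)[1]',   'int'),   -- NULL for non-accounting packets
        @x.value('(/Event/User-Name)[1]',          'nvarchar(255)'),
        @x.value('(/Event/Client-IP-Address)[1]',  'varchar(45)'),
        @x.value('(/Event/NAP-Policy-Name)[1]',    'nvarchar(255)'),
        @x.value('(/Event/Quarantine-State)[1]',   'int'),
        @x;
END;
GO

-- Least privilege: the NPS server authenticates to a remote SQL Server as its computer
-- account (CONTOSO\NPS1$ is an assumed name). It only needs EXECUTE on the procedure,
-- not SELECT or INSERT on the table.
CREATE LOGIN [CONTOSO\NPS1$] FROM WINDOWS;
CREATE USER NpsWriter FOR LOGIN [CONTOSO\NPS1$];
GRANT EXECUTE ON dbo.report_event TO NpsWriter;
GO

-- Constructed sample event (not a real capture) to exercise the procedure locally.
EXEC dbo.report_event N'<Event>
  <Timestamp data_type="4">07/21/2013 08:25:48.451</Timestamp>
  <Computer-Name data_type="1">NPS1</Computer-Name>
  <Packet-Type data_type="0">2</Packet-Type>
  <User-Name data_type="1">CONTOSO\client1$</User-Name>
  <Client-IP-Address data_type="3">10.0.0.5</Client-IP-Address>
  <NAP-Policy-Name data_type="1">Compliant-Full-Access</NAP-Policy-Name>
  <Quarantine-State data_type="0">0</Quarantine-State>
</Event>';
GO

-- Compliance summary for the last 24 hours: accept/reject counts and distinct clients
-- per NAP policy and quarantine state. This is the kind of query a Reporting Services
-- report would be built on.
SELECT  NapPolicyName,
        QuarantineState,
        SUM(CASE WHEN PacketType = 2 THEN 1 ELSE 0 END) AS AccessAccepts,
        SUM(CASE WHEN PacketType = 3 THEN 1 ELSE 0 END) AS AccessRejects,
        COUNT(DISTINCT UserName)                        AS DistinctClients
FROM    dbo.NapEvents
WHERE   EventTime >= DATEADD(hour, -24, GETDATE())
  AND   PacketType IN (2, 3)
GROUP BY NapPolicyName, QuarantineState
ORDER BY NapPolicyName, QuarantineState;
```

Point NPS at this database through the SQL Server logging properties in the NPS console; NPS then calls dbo.report_event for every packet type you have selected there. Keeping RawXml means a new report can be added later without changing the procedure, at the cost of storage, so size the database and its retention job for the NAP transaction volume you expect.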

SQL Server logging considerations

NPS can send logging data to a SQL Server database on the local computer or on a remote server.

Note

By default, if NPS cannot log a client event because it has lost connectivity to the SQL Server database, it discards the connection request and the client is denied network access; this fail-closed behavior is controlled by the "If logging fails, discard connection requests" setting in the NPS SQL Server logging properties. Turning that setting off keeps clients connected during an outage but leaves those transactions out of your NAP reports, so the recommended way to minimize the risk is to configure NPS to log to a SQL Server database on the local computer.

If you log data on the local server running NPS, you can also forward or replicate logs to a central computer running SQL Server. You can install SQL Server or SQL Server Express. SQL Server Express is less expensive, but does not support all of the features of SQL Server. The following are some considerations for SQL Server logging scenarios:

Scenario 1: Log to SQL Server on NPS

  • Simple to design and implement for a single server running NPS.

  • More complex and costly than other designs if you have multiple servers running NPS, because each NPS server needs its own full SQL Server installation and its log data must be consolidated separately for reporting.

Scenario 2: Log to SQL Server Express on NPS, forward data to central computer running SQL Server

  • Low cost for multiple servers running NPS.

  • No user impact if connectivity to the central computer running SQL Server is lost.

  • Highly complex to design and implement.

  • Replication is not available on SQL Server Express, so forwarding the log data to the central computer running SQL Server must be implemented by other means; this is the main source of the design's complexity.

Scenario 3: Log to SQL Server on NPS, replicate to central computer running SQL Server

  • Highest cost design.

  • No user impact if connectivity to the central computer running SQL Server is lost.

  • Moderately complex to design and implement.

Scenario 4: Log to remote computer running SQL Server

  • Simple to design and implement for a single server running NPS.

  • High risk for user impact if connectivity to the remote computer running SQL Server is lost.