Re: Alerts but empty log files

  • From: "Joseph" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 25 Jan 2002 12:20:04 -0800

I think that a good site for those who would like to know is
http://greenwichmeantime.com. From this site you'll be able to determine
what your Zulu time settings should be. For example: convlog -ie
Logfile.log -t ncsa:-0800 is for the Pacific time zone. The convlog also
has the following syntax available:

Usage: convlog [options] LogFile
Options:
-i<i|n|e> = input logfile type
    i - MS Internet Standard Log File
    n - NCSA Common Log File format
    e - W3C Extended Log File Format
    -t <ncsa[:GMTOffset] | none> default i
    -o <output directory> default = curren
    -x save non-www entries to a .dmp logf
    -d = convert IP addresses to DNS
    -l<0|1|2> = Date locale format for MS
                    0 - MM/DD/YY (default e.g. US)
                    1 - YY/MM/DD (e.g. Japan)
                    2 - DD.MM.YY (e.g. Germany)

Examples:
convlog -ii in*.log -d -t ncsa:+0800
convlog -in ncsa*.log -d
convlog -ii jra*.log -t none

Joseph

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, January 25, 2002 10:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Alerts but empty log files

http://www.ISAserver.org


Careful; by default, the logs are in GMT...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Larissa Aigner" <laigner@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, January 25, 2002 07:06
Subject: [isalist] Alerts but empty log files


When I looked at the log files this morning the first time of entry in all
3 logs was at 9:21 am.  I got several of the following alerts during the
night and in the morning before 9:21 am.

"ISA Server alert: A packet with invalid IP options was detected and the
packet was dropped."

My question is how come there is nothing in the logs before 9:21 am?  If I
got these alerts before then, shouldn't there be entries in the IP log for
those alerts?

Thanks,
Larissa
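
Added example (not part of the original thread, and not convlog itself): because the logs are written in GMT, this Python script reads W3C extended log lines and shifts each record's date/time by an offset written the same way as in the convlog example above (-0800), so log entries can be lined up against alert times in local time. The sample log, its field list and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

def parse_offset(text):
    """Turn an offset such as '-0800' or '+0530' into a timedelta."""
    sign = -1 if text.startswith("-") else 1
    digits = text.lstrip("+-")
    if len(digits) != 4 or not digits.isdigit():
        raise ValueError("offset must look like -0800 or +0530")
    return sign * timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))

def to_local(lines, offset):
    """Yield (local_datetime, record) for each W3C extended log record."""
    delta = parse_offset(offset)
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # The #Fields directive names the columns of the rows that follow.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue  # other directives, blank lines, rows before any #Fields
        sep = "\t" if "\t" in line else " "
        values = line.split(sep)
        if len(values) != len(fields) or "date" not in fields or "time" not in fields:
            continue  # truncated row, or a log without date/time columns
        rec = dict(zip(fields, values))
        # W3C extended logs record date and time in GMT.
        gmt = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        yield gmt + delta, rec

# Constructed sample, not taken from a real ISA Server log.
SAMPLE = [
    "#Software: constructed sample",
    "#Version: 1.0",
    "#Fields: date time c-ip action",
    "2002-01-25 03:15:00 192.0.2.10 BLOCKED",
    "2002-01-25 09:21:03 192.0.2.11 BLOCKED",
    "2002-01-25 09:22",  # truncated row, skipped
]

if __name__ == "__main__":
    for local, rec in to_local(SAMPLE, "-0800"):
        print(rec["date"], rec["time"], "GMT ->", local, "local", rec["c-ip"])
```

Note that the first sample row lands on the previous calendar day once the offset is applied, which matters when searching a per-day log file for an alert seen overnight.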
