Re: Anonymous in logs, by default?
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 4 Feb 2002 19:46:17 -0800
MessageYou make perfect sense (especially about the beverage; now I'm
thirsty..); you'd like to control what ISA dumps into the logs.
Unfortunately, one of criteria for ICSA certification is that ISA places in the
logs whatever the service in question actually sees.
That was the motivation for HF51 and HF54.
What you can do is parse the logs with a script and dump the results into a SQL
database for some real data mining fun...
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Smith, Carl
To: [ISAserver.org Discussion List]
Sent: Monday, February 04, 2002 13:05
Subject: [isalist] Re: Anonymous in logs, by default?
http://www.ISAserver.org
I find most of the problems I run into are usually addressed by the emails
you send out. I appreciate your help immensely, if you are ever in Iowa and in
need of some carbonated refreshments of your choice let me know and I can make
sure you are setup.
Flattery aside, here is the problem I see with this. We are using ISA for a
proxy server only. We have a third party firewall, and ISA will sit behind
that. So basically we are just doing web proxy services for the enterprise
with ISA. This will serve as a server that does nothing more then web proxy
services. So when you think of that, the extraneous log entries (it seems to
double each entry, one for anonymous, one for authenticated) are doing nothing
really then creating really big log files and sapping memory to provide them.
As for the reporting, that is not a big problem, I can eliminate them in our
reporting structure. I'm more worried about initial size and overhead for
reporting.
This make sense or did I ramble again?
Thanks - Carl W. Smith
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, February 02, 2002 9:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Anonymous in logs, by default?
http://www.ISAserver.org
That's a quote from one of my responses (I feel so famous, now).
The component that's using the default behavior is every browser that's been
written in the last few years, not the ISA itself.
Consequently, the task of disabling this default behavior isn't one I care to
take on..
ISA should log everything it sees. If the very basic ISA reports are bugging
you, then you'll want to investigate a third-party solution.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Smith, Carl
To: [ISAserver.org Discussion List]
Sent: Thursday, January 31, 2002 14:32
Subject: [isalist] Anonymous in logs, by default?
http://www.ISAserver.org
I read through the emails, poked on the site, and I could find an answer so
I will pose it here, because I'm sure I missed it:
When a browser sends a Get request for a Uniform Resource Locator (URL) to
the proxy server, the browser first attempts an anonymous connection. If
authentication is required, there are additional requests made by the client
computer that pass these credentials to ISA Server. Each of these requests are
recorded in the logs of ISA Server.
By default, each request sent to ISA Server is logged, which can include
both unsuccessful and successful attempts.
What I'm wondering is the words, "by default". Can you turn this off? I
can find where or how to do it if it is at all possible. This is a general
question in relation to ISA and W3C logs. Please help.
Thanks -- Carl W. Smith
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cwsmith@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
