[isalist] Re: Best way to track down issue from Generated Report?

  • From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 25 Jul 2006 18:37:02 -0400

The best way is to track that user down using the logs. But first you
need to change over to MSDE logging. It's already installed for you, so
you may as well use it; then you can search the logs at will without
having to resort to the log parser. While you have Monitoring open, click
on Configure Firewall Logging and select MSDE. Do the same for Web Proxy
Logging. From this point forward you'll be able to search the logs right
here by defining your query.

 

Right now, it's Excel for you. Open the log file with Excel, sort by
Client IP or whatever information you've got and you'll be able to
locate the PC that's downloading music or movies on work time.

 

Amy Babinchak

 

Harbor Computer Services

 

http://isainsbs.blogspot.com

http://keepitsecure.blogspot.com

http://www.harborcomputerservices.net
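
Added example (not part of the original message or of ISA Server itself): the sort-by-Client-IP step described above, done as a script over a tab-delimited W3C text log. The field names (c-ip, r-host, sc-bytes, ...), the use of sc-bytes as the download direction, and the sample rows are assumptions constructed for illustration; the parser reads the #Fields line so it follows whatever columns the real log has.

```python
from collections import Counter

# Constructed sample rows; field names and order are assumptions.
SAMPLE_LOG = "\n".join([
    "#Fields: c-ip\tcs-username\tdate\ttime\tr-host\tcs-bytes\tsc-bytes\tcs-uri",
    "192.168.100.129\tanonymous\t2006-07-20\t14:02:11\tmedia.example.net\t412\t734003200\thttp://media.example.net/a.avi",
    "192.168.100.129\tanonymous\t2006-07-20\t14:40:03\tmedia.example.net\t398\t524288000\thttp://media.example.net/b.avi",
    "192.168.100.129\tanonymous\t2006-07-21\t09:15:42\t192.168.100.1\t120\t-\thttp://192.168.100.1/wpad.dat",
    "192.168.100.57\tjdoe\t2006-07-20\t10:00:00\twww.example.com\t300\t20480\thttp://www.example.com/",
    "192.168.100.57\tanonymous",  # truncated row, must be skipped
])

def parse_w3c(text):
    """Yield one dict per record, keyed by the names on the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # ignore truncated rows
                yield dict(zip(fields, values))

def to_int(value):
    return int(value) if value.isdigit() else 0  # "-" marks an empty field

def bytes_by_client(records):
    """Total bytes sent to each client IP (the 'sort by Client IP' step)."""
    totals = Counter()
    for r in records:
        totals[r["c-ip"]] += to_int(r["sc-bytes"])
    return totals

def breakdown(records, client_ip):
    """For one client: bytes per destination host and per (date, hour)."""
    hosts, hours = Counter(), Counter()
    for r in records:
        if r["c-ip"] == client_ip:
            n = to_int(r["sc-bytes"])
            hosts[r["r-host"]] += n
            hours[(r["date"], r["time"][:2])] += n
    return hosts, hours

if __name__ == "__main__":
    records = list(parse_w3c(SAMPLE_LOG))
    top_ip = bytes_by_client(records).most_common(1)[0][0]
    hosts, hours = breakdown(records, top_ip)
    print(top_ip, hosts.most_common(3), hours.most_common(3))
```

To use it on a real log, pass the file's text to parse_w3c() in place of SAMPLE_LOG.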

 

     

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Tuesday, July 25, 2006 6:20 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Best way to track down issue from Generated
Report?

 

If your "I'll reply again" was in regards to this thread, I did not
receive it then.

 

FW Client installed: Already was

 

SBS created (probably from ISA 2000 upgrade) a "SBS Internet Users"
group which all the rules use, so unless something is broken with that,
anonymous / "All Users" shouldn't be a problem...

 

Jonathon J. Howey

MENSE Inc.

P 780.409.5620

F 780.409.5621

D 780.409.5628

C 780.965.8363

Jonathon@xxxxxxxx

 

Defining the Future of Industry

www.MENSE.ca <http://www.mense.ca/> 

 

 

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Sent: July 25, 2006 2:39 PM
To: ISA Mailing List
Subject: [isalist] Re: Best way to track down issue from Generated
Report?

I'll reply again.

 

You need to install the FW client, disallow the anonymous requests,
create a user group within ISA and apply the user group to your internet
access rule.

 

S

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Tuesday, July 25, 2006 5:35 PM
To: ISA Mailing List
Subject: [isalist] Best way to track down issue from Generated Report?

 

Last try


 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: July 17, 2006 11:11 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Best way to track down issue from Generated Report?

Hi,

 

For a 7-day period, the report is saying that one user downloaded 11.53
GB.  What's the best way to track down where this data came from, what
time, etc.?  (i.e. which log, etc.)  I tried using MS Log Parser, but all
the logs seem to have are wpad/wspad.dat lookups for the *.129 IP.

 

No | User            | Requests | % of Total Requests | Bytes In | % of Total Bytes In | Bytes Out | % of Total Bytes Out | Total Bytes | % of Total Bytes
1  | 192.168.100.129 | 11756    | 1.70 %              | 11.53 GB | 46.70 %             | 909.96 MB | 5.90 %               | 12.41 GB    | 31.10 %

 

Thanks.

 

Jonathon J. Howey

MENSE Inc.

P 780.409.5620

F 780.409.5621

D 780.409.5628

C 780.965.8363

Jonathon@xxxxxxxx

 

Defining the Future of Industry

www.MENSE.ca <http://www.mense.ca/> 

 

 

 
