Re: ISA Reports

You might want to talk to Dana Epp about this who recently build a
dashboard for looking at the ISA log files

There was some thing he hit where the log files weren't laying down a
consistent file numbering sequence and he found a KB article on it.

I can't remember the details but he had to work around it.

http://www.scorpionsoft.com/products/fwdashboard/

He'd probably be a good resource for you.

> This is a multi-part MIME message.
> 
> --=_reb-r59E00E3F-t440E5462
> Content-Type: text/plain;
>       charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> We recently installed an ISA server 2004 standard edition box [1]as a repla=
> cement for Microsoft Proxy server 2.0[2] as part of a complete re-design or=
>  our Internet Gateway.  Overall the ISA box is working very well but we are=
>  having problems with producing  customised reports on Internet usage.
> 
> Initially we set-up the ISA box to use a local MDSE database for logging fo=
> r both the firewall and the proxy services but found getting the relevant d=
> ata out of these logs impossible[3].=20
> 
> Ultimately we will probably log to one of our internal SQL boxes and use SQ=
> L reporting services to produce the reports we want[4].  Currently I have r=
> e-set the ISA box to simply use text logging as theses are almost identical=
>  to the old logs we used to get off proxy server - while this is fine for t=
> he current data I still have a number of old MSDE log files we want to get =
> the data from.   I wrote a quick command script to use the MSDEtoText vb sc=
> ript to export the data to text files.  This worked perfectly for the firew=
> all logs but what I tried to run it against the web proxy logs I got errors=
>  on about 10% of the log files - most of them worked fine.=20
> 
> On some of the logs I got an error saying "Either BOF or EOF is true, or th=
> e current record has been deleted. Requested operation requires a current r=
> ecord"  and on others an error saying "Cannot open database requested in lo=
> gin `ISALOG_yyymmdd_WEB.000' login fails".
> 
> I haven't been able to find anything relevant on TechNet or with Google yet=
> . =20
> 
> Any clues as to how to extract the data from these logs or where else to st=
> art looking?
> 
> Also - is our idea of moving to SQL and reporting services[5] a viable opti=
> on or are we better to stay with the simplicity of text logs?
> 
> Thanks
> 
> -Ec
> 
> 1 With SP1 loaded
> 2 Proxy server was only used to control internal users access to the 'net a=
> nd provide logging for producing
>    custom reports of staff use on the 'net
> 3 so far at least.
> 4 We already use Reporting Services for a number of other reports.
> 5 With  failover to text logging as per one of the docs on ISAServer.org
> 
> --=_reb-r59E00E3F-t440E5462
> Content-Type: text/html;
>       charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
> <HTML>
> <HEAD>
> 
> 
> <TITLE>ISA Reports</TITLE>
> </HEAD>
> <BODY>
> <!-- Converted from text/rtf format -->
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">We recently installed an ISA server 2004=
>  standard edition box [1]as a replacement for Microsoft Proxy server 2.0[2]=
>  as part of a complete re-design or our Internet Gateway.&nbsp; Overall the=
>  ISA box is working very well but we are having problems with producing&nbs=
> p; customised reports on Internet usage.</FONT></P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">Initially we set-up the ISA box to use a=
>  local MDSE database for logging for both the firewall and the proxy servic=
> es but found getting the relevant data out of these logs impossible[3]. </F=
> ONT></P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">Ultimately we will probably log to one o=
> f our internal SQL boxes and use SQL reporting services to produce the repo=
> rts we want[4].&nbsp; Currently I have re-set the ISA box to simply use tex=
> t logging as theses are almost identical to the old logs we used to get off=
>  proxy server - while this is fine for the current data I still have a numb=
> er of old MSDE log files we want to get the data from.&nbsp;&nbsp; I wrote =
> a quick command script to use the MSDEtoText vb script to export the data t=
> o text files.&nbsp; This worked perfectly for the firewall logs but what I =
> tried to run it against the web proxy logs I got errors on about 10% of the=
>  log files - most of them worked fine. </FONT></P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">On some of the logs I got an error sayin=
> g &quot;Either BOF or EOF is true, or the current record has been deleted. =
> Requested operation requires a current record&quot;&nbsp; and on others an =
> error saying &quot;Cannot open database requested in login `ISALOG_yyymmdd_=
> WEB.000' login fails&quot;.</FONT></P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">I haven't been able to find anything rel=
> evant on TechNet or with Google yet.&nbsp; </FONT>
> </P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">Any clues as to how to extract the data =
> from these logs or where else to start looking?</FONT>
> </P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">Also - is our idea of moving to SQL and =
> reporting services[5] a viable option or are we better to stay with the sim=
> plicity of text logs?</FONT></P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">Thanks</FONT>
> </P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">-Ec</FONT>
> </P>
> 
> <P><FONT FACE=3D"Arial" SIZE=3D"2">1 With SP1 loaded</FONT>
> 
> <BR><FONT FACE=3D"Arial" SIZE=3D"2">2 Proxy server was only used to control=
>  internal users access to the 'net and provide logging for producing</FONT>
> 
> <BR><FONT FACE=3D"Arial" SIZE=3D"2">&nbsp;&nbsp; custom reports of staff us=
> e on the 'net</FONT>
> 
> <BR><FONT FACE=3D"Arial" SIZE=3D"2">3 so far at least.</FONT>
> 
> <BR><FONT FACE=3D"Arial" SIZE=3D"2">4 We already use Reporting Services for=
>  a number of other reports.</FONT>
> 
> <BR><FONT FACE=3D"Arial" SIZE=3D"2">5 With&nbsp; failover to text logging a=
> s per one of the docs on ISAServer.org</FONT>
> </P>
> 
> </BODY>
> </HTML>
> --=_reb-r59E00E3F-t440E5462--


Other related posts: