Log Files

  • From: "cismic" <cismic@xxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 17 Dec 2003 13:06:35 -0800

Hi All,
 
Log files are not only important to identifying visits to a site but to
help identify whether or not you have malicious activity going on.
I'm not a firm believer in writing directly to an ODBC db source from
within ISA and have created scripts to assist me with
importing scripts into my db.  I've been working on these tasks for 2
years now.  Learning a lot about ISA in the process.
 
Script 1:  Moves the log files to another location daily, that's if you
haven't set up a location different than the defaults and
set them up to use appropriate security access.
 
Script 2:  Imports the Web Proxy Logs
 
Script 3:  Imports the Firewall Logs
 
Script 4:  Imports the packet filter logs
 
Script 5:  Processes the event logs (System, Security and Application),
then imports into the Db
 
Script 6:  Imports Exchange server logs
 
Script 7: Imports FTP Logs
 
Script 8: Imports RRAS information
 
Ok, you say, where are these wonderful scripts??  Well, I will send them
to Jim Harrison for posting on his site on Christmas Eve,
at least that's what William would like for Christmas.  And they will be
available on my site http://www.stat-sphere.com after I get the rewrite
and new graphics done before the end of the year.  I have my hands full!
 
Scripts, by the way, are just half the battle.  I have SQL functions that
parse the data into daily, weekly, monthly and yearly process.
Hits by browser, country, user agents etc.  If any of you are running
IIS 5.0 or IIS 6.0, I plan on releasing a version of
http://www.stat-sphere.com
code where you can plug in the various modules that I've been working on
the past 2 years.
 
Thank you,
 
Joseph
