Hi Jim, I look forward to meeting lots of the folks from this list up there. Hey I have a question. When you look at the codes that MS provides that describe the s_cache_info You find things such as 0x00000020, 0x00008000 etc. I understand how they are doing that but the question I have relates to what actually is written to the web proxy logs. The web proxy logs lists items under s_cache_info as 0x42020015, 0x40020011 etc. Now naturally in doing a query Against my table that contains the s_cache_info codes I never get a match meaning that I'm unable to display A proper description to the user with regards to the correct cache info data. Is there a better break down of the web proxy log fields to help translate 0x42020015, 0x40020011 etc.? Thank you, Joseph -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, December 17, 2003 1:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Log Files http://www.ISAserver.org UDAMAN!!!! Lookin' forward to meeting you in Jan, dewd! Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "cismic" <cismic@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, December 17, 2003 13:06 Subject: [isalist] Log Files http://www.ISAserver.org Hi All, Log files are not only important to identifying visits to a site but to help identify weather or not you have malicious activity going on. I'm not a firm believer in writing directly to an ODBC db source from within ISA and have created scripts to assist me with importing scripts into my db. I've been working on these tasks for 2 years now. Learning a lot about ISA in the process. Script 1: Moves the log files to another location daily that's if you haven't setup a location different then the defaults and set them up to use appropriate security access. Script 2: Imports the Web Proxy Logs Script 3: Imports the Firewall Logs Script 4: Imports the packet filter logs Script 5: Process the event logs,( System, Security and Application) then imports into the Db Script 6: Imports Exchange server logs Script 7: Imports FTP Logs Script 8: Imports RRAS information Ok, you say, where are these wonderful scripts?? Well, I will send them To Jim Harrison for posting on his site on Christmas Eve at least that's what William would like for Christmas. And they will be available on my site http://www.stat-sphere.com after I get the rewrite and new graphics done before the end of the year. I have my hands full! Scripts by the way is just half the battle. I have SQL functions that parse the data into daily, weekly, monthly and yearly process. Hits by browser, country, user agents etc. If any of your are running IIS 5.0 or IIS 6.0, I plan on releasing a version of http://www.stat-sphere.com code where you can plug in the various modules that I've been working on the past 2 years. Thank you, Joseph ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')