Re: Log Files

  • From: "cismic" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 17 Dec 2003 14:41:27 -0800

Hi Jim,
I look forward to meeting lots of the folks from this list up there.

Hey, I have a question.  When you look at the codes that MS provides that
describe the s_cache_info, you find things such as 0x00000020, 0x00008000
etc.  I understand how they are doing that, but the question I have relates
to what actually is written to the web proxy logs.

The web proxy logs list items under s_cache_info as 0x42020015,
0x40020011 etc.  Now naturally, in doing a query against my table that
contains the s_cache_info codes, I never get a match, meaning that I'm
unable to display a proper description to the user with regards to the
correct cache info data.

Is there a better breakdown of the web proxy log fields to help
translate 0x42020015, 0x40020011 etc.?

Thank you,

Joseph
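
Added example, not part of the original message and not Microsoft's or the poster's code: it assumes the logged s_cache_info value is a bitwise OR of the single-bit codes, so an exact-match lookup finds no row while a per-bit lookup does. The table rows and their descriptions are placeholders, and treating "-" as an empty field is an assumption.

```python
# Added example: split a logged s_cache_info value into single-bit codes
# and look each one up. Descriptions are placeholders, not Microsoft's text;
# load the real ones from your own code table.
CODE_TABLE = {
    0x00000001: "<description for 0x00000001>",
    0x00000010: "<description for 0x00000010>",
    0x00000020: "<description for 0x00000020>",
    0x00008000: "<description for 0x00008000>",
    0x00020000: "<description for 0x00020000>",
}


def parse_field(raw):
    """Convert a logged field such as '0x42020015' to an int; None if empty."""
    raw = raw.strip()
    if raw in ("", "-"):  # assumption: '-' marks an empty field
        return None
    return int(raw, 16)


def split_flags(value):
    """Return the single-bit components of value, lowest bit first."""
    flags = []
    bit = 1
    while bit <= value:
        if value & bit:
            flags.append(bit)
        bit <<= 1
    return flags


def describe(raw, table=CODE_TABLE):
    """Map each set bit to its description; bits with no table row map to None."""
    value = parse_field(raw)
    if value is None:
        return []
    return [(flag, table.get(flag)) for flag in split_flags(value)]


if __name__ == "__main__":
    # The two values quoted in the message, plus an empty field.
    for raw in ("0x42020015", "0x40020011", "-"):
        print(raw)
        for flag, text in describe(raw):
            print(f"  0x{flag:08X}  {text or 'no row in code table'}")
```

Bits reported with no row are the ones to add to the code table before building reports on it.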

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, December 17, 2003 1:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Log Files


http://www.ISAserver.org

UDAMAN!!!!
Lookin' forward to meeting you in Jan, dewd!

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 17, 2003 13:06
Subject: [isalist] Log Files



Hi All,

Log files are not only important to identifying visits to a site but to
help identify whether or not you have malicious activity going on. I'm
not a firm believer in writing directly to an ODBC db source from within
ISA and have created scripts to assist me with importing scripts into my
db.  I've been working on these tasks for 2 years now.  Learning a lot
about ISA in the process.

Script 1:  Moves the log files to another location daily, that's if you
haven't set up a location different than the defaults and set them up to
use appropriate security access.

Script 2:  Imports the Web Proxy Logs

Script 3:  Imports the Firewall Logs

Script 4:  Imports the packet filter logs

Script 5:  Processes the event logs (System, Security and Application),
then imports into the Db

Script 6:  Imports Exchange server logs

Script 7: Imports FTP Logs

Script 8: Imports RRAS information

Ok, you say, where are these wonderful scripts??  Well, I will send them
to Jim Harrison for posting on his site on Christmas Eve, at least that's
what William would like for Christmas.  And they will be available on my
site http://www.stat-sphere.com after I get the rewrite and new graphics
done before the end of the year.  I have my hands full!

Scripts, by the way, are just half the battle.  I have SQL functions that
parse the data into daily, weekly, monthly and yearly process. Hits by
browser, country, user agents etc.  If any of you are running IIS 5.0
or IIS 6.0, I plan on releasing a version of http://www.stat-sphere.com
code where you can plug in the various modules that I've been working on
the past 2 years.

Thank you,

Joseph


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

