Re: Log Files

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 17 Dec 2003 15:28:30 -0800

Actually, the list of s-cache-info codes lists individual meanings.
What you have to do is a binary analysis of the actual logged code to
determine what combination of header and cache values are appropriate.
It's similar to what ISAInfo does for the logging field analysis; you need
to break down the logged value into bit positions and evaluate them on that
basis.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
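
The bit-position breakdown described in the reply above, as an added example (not code from the thread or from ISAInfo). The function names are hypothetical and the lookup table is constructed: its descriptions are placeholders to be replaced with the meanings from the s-cache-info code list.

```python
"""Decode a logged s_cache_info value into the single-bit codes it combines."""

# Constructed, partial lookup table. The masks are single-bit codes; the
# descriptions are placeholders, not real meanings. Replace them with the
# entries from the s-cache-info code list.
SAMPLE_CODES = {
    mask: f"<meaning of 0x{mask:08X} from the code list>"
    for mask in (0x00000001, 0x00000004, 0x00000010,
                 0x00000020, 0x00008000, 0x00020000)
}


def parse_cache_info(field):
    """Convert the logged text (e.g. '0x42020015') to a 32-bit integer."""
    value = int(field.strip(), 16)  # raises ValueError on non-hex text
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {field!r}")
    return value


def split_flags(value):
    """Return every single-bit mask set in value, lowest bit first."""
    return [1 << bit for bit in range(32) if value & (1 << bit)]


def describe(field, codes):
    """Pair each set bit with its description from the code table.

    Bits that are missing from the table are reported rather than dropped,
    so an incomplete table is visible in the output.
    """
    return [(f"0x{mask:08X}", codes.get(mask, "not in code table"))
            for mask in split_flags(parse_cache_info(field))]


if __name__ == "__main__":
    # The two values quoted in the thread. An exact-match lookup on the whole
    # value finds nothing; a per-bit lookup returns one row per set flag.
    for logged in ("0x42020015", "0x40020011"):
        print(logged, "exact match:", parse_cache_info(logged) in SAMPLE_CODES)
        for mask, meaning in describe(logged, SAMPLE_CODES):
            print("   ", mask, meaning)
```

The same test works in a database query by joining the log row to the code table on a bitwise AND of the logged value and the code, instead of on equality.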
----- Original Message ----- 
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 17, 2003 14:41
Subject: [isalist] Re: Log Files


http://www.ISAserver.org

Hi Jim,
I look forward to meeting lots of the folks from this list up there.

Hey, I have a question.  When you look at the codes that MS provides that
describe the s_cache_info, you find things such as 0x00000020, 0x00008000,
etc.  I understand how they are doing that, but the question I have relates
to what actually is written to the web proxy logs.

The web proxy logs list items under s_cache_info as 0x42020015,
0x40020011, etc.  Now naturally, in doing a query against my table that
contains the s_cache_info codes, I never get a match, meaning that I'm
unable to display a proper description to the user with regards to the
correct cache info data.

Is there a better breakdown of the web proxy log fields to help
translate 0x42020015, 0x40020011, etc.?

Thank you,

Joseph

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, December 17, 2003 1:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Log Files



UDAMAN!!!!
Lookin' forward to meeting you in Jan, dewd!

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 17, 2003 13:06
Subject: [isalist] Log Files



Hi All,

Log files are not only important to identifying visits to a site but to
help identify whether or not you have malicious activity going on. I'm
not a firm believer in writing directly to an ODBC db source from within
ISA and have created scripts to assist me with importing scripts into my
db.  I've been working on these tasks for 2 years now.  Learning a lot
about ISA in the process.

Script 1:  Moves the log files to another location daily, that's if you
haven't set up a location different than the defaults and
set them up to use appropriate security access.

Script 2:  Imports the Web Proxy Logs

Script 3:  Imports the Firewall Logs

Script 4:  Imports the packet filter logs

Script 5:  Processes the event logs (System, Security and Application),
then imports into the Db

Script 6:  Imports Exchange server logs

Script 7: Imports FTP Logs

Script 8: Imports RRAS information

Ok, you say, where are these wonderful scripts??  Well, I will send them
to Jim Harrison for posting on his site on Christmas Eve; at least that's
what William would like for Christmas.  And they will be available on my
site http://www.stat-sphere.com after I get the rewrite and new graphics
done before the end of the year.  I have my hands full!

Scripts, by the way, are just half the battle.  I have SQL functions that
parse the data into daily, weekly, monthly and yearly process. Hits by
browser, country, user agents etc.  If any of you are running IIS 5.0
or IIS 6.0, I plan on releasing a version of http://www.stat-sphere.com
code where you can plug in the various modules that I've been working on
the past 2 years.

Thank you,

Joseph


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

