First, read the ISA help which describes most of the log entries and what they mean to ISA. Second, read this KB, which fills in some of the missing pieces: http://support.microsoft.com/default.aspx?scid=284818 Third, play with a free log analyzer (htp://isatools.org lists one) Fourth, (anybody remenmber that link I sent out for log forensics?) Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 3 Sep 2003 10:50:38 +0800 "Lian Wee LOO" <lwloo@xxxxxxx> wrote: http://www.ISAserver.org How to analyze ISA IP, WEB and PROXY logs? My IP logs always very huge, and I am not sure whether the traffics coming from internal or external. Please advice. Thanks in advance. best regards, lwloo 2k'3 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*