-----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Friday, 5 September 2003 1:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: How to analyze ISA Logs http://www.ISAserver.org Hi Jim, I think that this is the link you were referring too. Joseph http://www.securityfocus.com/infocus/1712 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, September 02, 2003 9:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: How to analyze ISA Logs http://www.ISAserver.org First, read the ISA help which describes most of the log entries and what they mean to ISA. Second, read this KB, which fills in some of the missing pieces: http://support.microsoft.com/default.aspx?scid=284818 Third, play with a free log analyzer (htp://isatools.org lists one) Fourth, (anybody remenmber that link I sent out for log forensics?) Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 3 Sep 2003 10:50:38 +0800 "Lian Wee LOO" <lwloo@xxxxxxx> wrote: http://www.ISAserver.org How to analyze ISA IP, WEB and PROXY logs? My IP logs always very huge, and I am not sure whether the traffics coming from internal or external. Please advice. Thanks in advance. best regards, lwloo 2k'3 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: michael.bright@xxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')