Re: ISA Logs Problem

  • From: "Quillman Shawn (RBNA/CSA1)" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 15 Apr 2004 13:02:10 -0400

Sweet, that's good to hear :)  I like WebTrends, but my logs outgrew it.  I had 
to throw some serious memory at the box I ran it on.  My logs were getting to 
be > 1GB per day on each of my 2 proxies.  I had to do some preparsing just to 
do a specific user report and couldn't do any general reporting for more than a 
day or two at a time.  We ended up switching over to Elron's Internet Manager 
now that they have dynamic LDAP support and can tie into AD without having to 
set up import jobs for user information.  We did that just before I transferred 
out of the IT dept, though, so I don't really know how it's working for them.  
Elron has the SurfControl database built into it for access restrictions and 
categorization (I think it's SurfControl's) and I guarantee you that that part 
is working... No more web mail for us!  Which is, I gotta admit, as it should 
be :)

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Thursday, April 15, 2004 12:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Logs Problem


http://www.ISAserver.org

It is a good script too!  I used it on my linux box for testing.
What do you think about WebTrends?
Thank you,

Joseph
----- Original Message ----- 
From: "Quillman Shawn (RBNA/CSA1)" <Shawn.Quillman@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 15, 2004 9:10 AM
Subject: [isalist] Re: ISA Logs Problem




The perl script is just a log converter, not an analyzer.  It will take a
W3C formatted log and convert it to ISA format.  I wrote it for a problem
similar to this.  I had a slew of W3C formatted logs and an analyzer
(WebTrends Firewall Suite) that only accepted ISA formatted logs.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Thursday, April 15, 2004 12:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Logs Problem



Hi Ahmed,

There are a number of packages out there.  I've actually written my own,
although I do my queries when I get the data into my database.  Microsoft
has the Log Parser, which you can use to query the data.  Also, out on
http://isatools.org you can find a couple of other parsers.  I think that
there is even a Perl script.

Thank you,

Joseph

----- Original Message ----- 
From: "Nabil, Ahmed" <anmahmou@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 15, 2004 4:04 AM
Subject: [isalist] Re: ISA Logs Problem



Thanks for the info. How can I then change my logs to reflect my time, for
all the logs (Firewall, proxy, etc.)?

Also, do you know any software to read my logs instead of the ISA format, a
software to filter and search for items?

Thanks,

Ahmed

-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Thursday, April 15, 2004 11:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Logs Problem



Hi Nabil,
Logs are kept in what used to be called Greenwich time, or the 24-hour
clock, etc.
Pacific time is -8 from Greenwich time. Take a look at this:

UTC OR GMT
I think that a good site for those who would like to know is
http://greenwichmeantime.com.  From this site you'll be able to determine
what your Zulu time settings should be. For example:  convlog -ie
Logfile.log -t ncsa:-0800 is for the Pacific time zone. The convlog also
has the following syntax available:

Usage: convlog [options] LogFile
Options:
-i<i|n|e> = input logfile type
    i - MS Internet Standard Log File
    n - NCSA Common Log File format
    e - W3C Extended Log File Format
    -t <ncsa[:GMTOffset] | none> default i
    -o <output directory> default = curren
    -x save non-www entries to a .dmp logf
    -d = convert IP addresses to DNS
    -l<0|1|2> = Date locale format for MS
                    0 - MM/DD/YY (default e.g. US)
                    1 - YY/MM/DD (e.g. Japan)
                    2 - DD.MM.YY (e.g. Germany)

Examples:
convlog -ii in*.log -d -t ncsa:+0800
convlog -in ncsa*.log -d
convlog -ii jra*.log -t none


----- Original Message ----- 
From: "Nabil, Ahmed" <anmahmou@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 15, 2004 12:18 AM
Subject: [isalist] ISA Logs Problem



Good morning All,

I am having two problems with my ISA Logs and I need your advice.

1. There is a time shift of almost 7 hours in the logs; it's not showing
the correct exact time of each web request. How can I fix this issue?

2. It's very hard to check these logs in this format; is there any well-known
program to import these logs to read them in an organized way?

Thanks for your help,

Ahmed
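
Added example, not part of the original thread and not the Perl script or convlog discussed in it: a small Python filter that rewrites the date and time columns of a W3C extended log from GMT to a fixed offset written the way the convlog example writes it ("-0800"). It assumes the log carries a #Fields: line naming "date" and "time" columns and is tab- or space-delimited; the sample lines and field list are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_offset(text):
    """Turn an offset such as '-0800' or '+0200' into a fixed timezone."""
    sign = -1 if text.startswith("-") else 1
    digits = text.lstrip("+-")
    if len(digits) != 4 or not digits.isdigit():
        raise ValueError(f"bad GMT offset: {text!r}")
    return timezone(sign * timedelta(hours=int(digits[:2]), minutes=int(digits[2:])))

def shift_w3c_log(lines, offset):
    """Yield log lines with the date/time columns moved from GMT to `offset`."""
    tz = parse_offset(offset)
    fields, sep = None, None
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            body = line[len("#Fields:"):].strip()
            sep = "\t" if "\t" in body else " "   # assumption: tab or space delimited
            fields = body.split(sep)
            yield line
            continue
        # Other directives, blank lines and rows seen before #Fields pass through.
        if line.startswith("#") or not line.strip() or fields is None:
            yield line
            continue
        row = line.split(sep)
        try:
            d, t = fields.index("date"), fields.index("time")
            gmt = datetime.strptime(f"{row[d]} {row[t]}", "%Y-%m-%d %H:%M:%S")
        except (ValueError, IndexError):
            yield line                            # malformed row: leave untouched
            continue
        local = gmt.replace(tzinfo=timezone.utc).astimezone(tz)
        row[d], row[t] = local.strftime("%Y-%m-%d"), local.strftime("%H:%M:%S")
        yield sep.join(row)

# Constructed sample log (documentation addresses, made-up requests).
SAMPLE = [
    "#Version: 1.0",
    "#Fields: c-ip\tdate\ttime\tcs-uri\tsc-status",
    "192.0.2.10\t2004-04-15\t04:12:09\thttp://example.com/\t200",
    "192.0.2.11\t2004-04-15\t23:30:00\thttp://example.com/a\t304",
    "192.0.2.12\tnot-a-date\t23:30:00\thttp://example.com/b\t200",
]

if __name__ == "__main__":
    print("\n".join(shift_w3c_log(SAMPLE, "-0800")))
```

The first sample row lands on the previous calendar day after the shift, which is the case to watch when lining proxy entries up against timestamps from other systems.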

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
