"hacking" is a relative term. One man's hack attempt is another's experimentation. What you want to do is review your logs for what you perceive as improper usage attempts. Murat Erentürk wrote a nice HTA that uses the IIS Log Analyzer to scan your ISa logs for data that you define. check it out at http://isatools.org/pla.zip. It requires the IIS Log Analyzer (also linked from isatools.org). Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! http://www.ISAserver.org I know that this is not to be asked here but I know that many experts from this group can help me with my problem. I would like to ask if you know of any software that will monitor transactions made by a certain user or IP? I would like to know if there are people in our company who tries to hack our own system or other company's systems. Thank you and more power! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')