RE: Packet log for all clients

  • From: "cismic" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 22 Dec 2003 12:47:37 -0800

Hi Ram,

I'm not a fan of using the ODBC drivers directly from within ISA.  I
prefer moving my logs to a "secure" location, where I have processes
that read those logs and then place them into an SQL database.
Packet Filter will be different than the webproxy and firewall logs. The
webproxy and firewall logs have the same format.
PACKET FILTER:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isa/isalogfields_8okz.asp
WEBPROXY/FIREWALL:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isa/isalogfields_8okz.asp

I've not seen SQL 2000 blatantly put extra characters at the end of
fields when using the ISA ODBC driver. If a field is defined at 50
varchar or nvarchar and if you place 10 in that field then the field
length should be variable. If you do this simple statement from the SQL
Northwind database:
    SELECT LEN(CompanyName) AS 'Length', CompanyName
    FROM customers
you will see the variable length of the CompanyName.  When you just
query within QSQL the width on the screen will be the width of each
field in the database, thus making it look like extra characters have
been placed on the field.

100 CLIENTS can be handled by ISA quite well.  It will generate some
larger log files that you will have to filter.

Joseph
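
The off-box workflow described above (read the copied log files, strip trailing padding, tag each row with the server it came from, then check stored lengths), as an added example that is not part of the original post. It assumes tab-delimited W3C extended logs with a "#Fields:" header; the sample records, table name and server name are constructed, and SQLite stands in for SQL Server.

```python
import sqlite3

# Constructed sample (not real ISA output); two values carry trailing padding.
SAMPLE_LOG = (
    "#Software: constructed sample\n"
    "#Fields: c-ip\tcs-username\tdate\ttime\tr-host\tsc-status\n"
    "10.0.0.21\tanonymous   \t2003-12-22\t10:15:02\twww.example.com\t200\n"
    "10.0.0.37\tCORP\\ram\t2003-12-22\t10:15:04\twww.example.org      \t407\n"
)


def parse_w3c(text):
    """Yield one dict per record, keyed by the names on the #Fields: line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no records
        elif fields is not None:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def load(conn, text, source_machine):
    """Insert trimmed records tagged with the server they came from."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS proxy_log (source TEXT, c_ip TEXT,"
        " username TEXT, logdate TEXT, logtime TEXT, r_host TEXT, status INTEGER)"
    )
    rows = [
        (source_machine, r["c-ip"].strip(), r["cs-username"].strip(), r["date"],
         r["time"], r["r-host"].strip(), int(r["sc-status"]))
        for r in parse_w3c(text)
    ]
    # Bind parameters: log fields contain client-supplied text.
    conn.executemany("INSERT INTO proxy_log VALUES (?,?,?,?,?,?,?)", rows)
    return len(rows)


def padded_rows(conn, column):
    """Count rows whose stored value is longer than its right-trimmed form."""
    if column not in {"c_ip", "username", "r_host"}:  # names cannot be bound
        raise ValueError("unexpected column name")
    sql = (f"SELECT COUNT(*) FROM proxy_log "
           f"WHERE length({column}) > length(rtrim({column}))")
    return conn.execute(sql).fetchone()[0]
```

SQLite's length() counts trailing spaces; SQL Server's LEN() ignores them, so on SQL Server compare DATALENGTH() against the trimmed value instead.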


-----Original Message-----
From: Ramakrishna Y [mailto:ram@xxxxxxxxxxxx] 
Sent: Monday, December 22, 2003 3:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Packet log for all clients



Hi Joseph

The reason I am preferring to put the log info into the database is that
we can build reports with simple SQL statements. That's the only reason.

But my main question was whether all 3 types of clients are generating
different formats. I want it to be in WebProxy format so that I can
analyze it clearly.

I did not understand "Have you done an sql length of the database field
in question against the actual data".

My site will normally be very busy. I've around 100 clients sharing
the network. So is this the reason?

Regards
Ram

----- Original Message -----
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, December 22, 2003 3:38 PM
Subject: [isalist] RE: Packet log for all clients


> Hi Ram,
> I like setting up the logs to log the maximum type of data.  The web
> proxy log has a different format than the packet and firewall logs. In
> my back to back system, when I add the data to the sql database I
> identify what machine the logs are coming from.
>
> I'm not a big fan of logging directly to the sql database.  I like 
> moving my logs to a secure "undisclosed location" and then process 
> those into sql.  I remove all trailing chars.  I'm not sure what is 
> happening to your logs with the varchar.  Have you done an sql length 
> of the database field in question against the actual data?
>
> And, yes if your site is busy it can occupy the logs very quickly.
>
> Joseph
>
> -----Original Message-----
> From: Ramakrishna Y [mailto:ram@xxxxxxxxxxxx]
> Sent: Sunday, December 21, 2003 10:50 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Packet log for all clients
>
>
> Hi,
>
> Will ISA log all the packets into log files for all types of
> clients (WebProxy, SNAT, Firewall Client)? I could see different formats
> for each of them. WebProxy client logs are fine. I want all those
> details which are there in WebProxy clients for the other types of
> connections also, so that I can give a detailed reporting of the sites
> visited also. Will this be possible with ISA Server?
>
> Also I need a clarification. I've configured ISA reporting to ODBC
> (SQL Server). While testing for 10 mts, the database has gone to 50MB.
> When I check the database, all the values are filled with trailing
> spaces as if the datatype is CHAR type. But the datatype defined was
> VARCHAR only. Why are all the trailing spaces going to the database? If
> I've a field of length 128, and the value is only 50 characters, I
> could see the remaining 78 characters as spaces. Any idea how it's
> happening? I am running an evaluation of ISA Server.
>
> Regards
> Ram