RE: Parsing Web Proxy logs
- From: "Sean Faust" <sfaust@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 21 Mar 2003 09:50:11 -0500
Tom,
Where is that log file, I did a search but no luck. How do you turn up logging
for inbound requests?
-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Friday, March 21, 2003 9:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Parsing Web Proxy logs
Use grep, it's better for the environment :-) That and a whole lot more
available with the Posix tools ported to NT (I think they were from GNU).
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, March 21, 2003 8:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Parsing Web Proxy logs
http://www.ISAserver.org
http://www.ISAserver.org
Tolk
Senior Member
Member # 7872
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Member
Rated:
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872>
<http://forums.isaserver.org/ubb/icons/icon14.gif> posted March 20, 2003
04:35 AM
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Profile
for Tolk <http://localhost/> Author's Homepage
<http://forums.isaserver.org/ultimatebb.cgi?ubb=private_message;u=00007872>
Send New Private Message
<http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=6;t=001572;reply_num=000002;u=00007872>
Edit/Delete Post
<http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=6;t=001572;replyto=000002>
Reply With Quote
_____
You can even use good 'ol DOS commands.
find "W3ReverseProxy" webdyyyymmdd.log > hostedyyyymmdd.log
where (obviously I hope)
yyyy is for year
mm is for month
dd is for day
You'll have one logfile of all the requests from OUTSIDE for websites you host.
Bet you'll be amazed at how many <http://www.worm.com/> www.worm.com and other
CodeRed/Nimda derivative requests you get.!
HTH
Thomas W Shinder
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
ISA Server and Beyond: <http://tinyurl.com/1jq1> http://tinyurl.com/1jq1
Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
