Tom, Where is that log file, I did a search but no luck. How do you turn up logging for inbound requests? -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Friday, March 21, 2003 9:03 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Parsing Web Proxy logs Use grep, it's better for the environment :-) That and a whole lot more available with the Posix tools ported to NT (I think they were from GNU). ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, March 21, 2003 8:59 AM To: [ISAserver.org Discussion List] Subject: [isalist] Parsing Web Proxy logs http://www.ISAserver.org http://www.ISAserver.org Tolk Senior Member Member # 7872 <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Member Rated: <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> <http://forums.isaserver.org/ubb/icons/icon14.gif> posted March 20, 2003 04:35 AM <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Profile for Tolk <http://localhost/> Author's Homepage <http://forums.isaserver.org/ultimatebb.cgi?ubb=private_message;u=00007872> Send New Private Message <http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=6;t=001572;reply_num=000002;u=00007872> Edit/Delete Post <http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=6;t=001572;replyto=000002> Reply With Quote _____ You can even use good 'ol DOS commands. find "W3ReverseProxy" webdyyyymmdd.log > hostedyyyymmdd.log where (obviously I hope) yyyy is for year mm is for month dd is for day You'll have one logfile of all the requests from OUTSIDE for websites you host. Bet you'll be amazed at how many <http://www.worm.com/> www.worm.com and other CodeRed/Nimda derivative requests you get.! HTH Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: <http://tinyurl.com/1jq1> http://tinyurl.com/1jq1 Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')