The log file will be named differently depending on which log format you use. ISA log format filenames (for the proxy service) begin with web.... and W3C extended format filenames begin with webext. Then the next character depends on how often you rotate logs, etc. If you don't use the web proxy service you won't find any web* log files. You can look in your log configuration in ISA management to find where your logs are being stored... -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Sean Faust [mailto:sfaust@xxxxxxxxxx] Sent: Friday, March 21, 2003 9:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Parsing Web Proxy logs http://www.ISAserver.org Tom, Where is that log file, I did a search but no luck. How do you turn up logging for inbound requests? -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Friday, March 21, 2003 9:03 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Parsing Web Proxy logs Use grep, it's better for the environment :-) That and a whole lot more available with the Posix tools ported to NT (I think they were from GNU). ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, March 21, 2003 8:59 AM To: [ISAserver.org Discussion List] Subject: [isalist] Parsing Web Proxy logs http://www.ISAserver.org http://www.ISAserver.org BM_000002Tolk Senior Member Member # 7872 <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Member Rated: <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> <http://forums.isaserver.org/ubb/icons/icon14.gif> posted March 20, 2003 04:35 AM <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Profile for Tolk <http://localhost/> Author's Homepage <http://forums.isaserver.org/ultimatebb.cgi?ubb=private_message;u=00007872> Send New Private Message <http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=6;t=001572;reply _num=000002;u=00007872> Edit/Delete Post <http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=6;t=001572;replyto=0 00002> Reply With Quote _____ You can even use good 'ol DOS commands. find "W3ReverseProxy" webdyyyymmdd.log > hostedyyyymmdd.log where (obviously I hope) yyyy is for year mm is for month dd is for day You'll have one logfile of all the requests from OUTSIDE for websites you host. Bet you'll be amazed at how many <http://www.worm.com/> www.worm.com and other CodeRed/Nimda derivative requests you get.! HTH Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: <http://tinyurl.com/1jq1> http://tinyurl.com/1jq1 Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')