RE: Parsing Web Proxy logs

• From: "Quillman Shawn (RBNA/CIT1.1) *" <Shawn.Quillman@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 21 Mar 2003 10:03:22 -0500

The log file will be named differently depending on which log format you
use.  ISA log format filenames (for the proxy service) begin with web....
and W3C extended format filenames begin with webext.  Then the next
character depends on how often you rotate logs, etc.  If you don't use the
web proxy service you won't find any web* log files.
 
You can look in your log configuration in ISA management to find where your
logs are being stored...
 
-Shawn

----- 
Shawn R. Quillman 
Robert Bosch Corporation RBNA/CIT1.1 
38000 Hills Tech Drive 
Farmington Hills, MI  48331 
(248) 553-1164 (P)     (248) 848-2855 (F) 
shawn.quillman@xxxxxxxxxxxx 

-----Original Message-----
From: Sean Faust [mailto:sfaust@xxxxxxxxxx]
Sent: Friday, March 21, 2003 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Parsing Web Proxy logs


http://www.ISAserver.org


Tom,
 
Where is that log file, I did a search but no luck.  How do you turn up
logging for inbound requests?
 

-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Friday, March 21, 2003 9:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Parsing Web Proxy logs


Use grep, it's better for the environment :-)  That and a whole lot more
available with the Posix tools ported to NT (I think they were from GNU).
 
----- 
Shawn R. Quillman 
Robert Bosch Corporation RBNA/CIT1.1 
38000 Hills Tech Drive 
Farmington Hills, MI  48331 
(248) 553-1164 (P)     (248) 848-2855 (F) 
shawn.quillman@xxxxxxxxxxxx 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, March 21, 2003 8:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Parsing Web Proxy logs


http://www.ISAserver.org

http://www.ISAserver.org



BM_000002Tolk 
Senior Member 
Member # 7872 

 <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872>
Member Rated:
 <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872>
<http://forums.isaserver.org/ubb/icons/icon14.gif> posted March 20, 2003
04:35 AM
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872>
Profile for Tolk     <http://localhost/> Author's Homepage
<http://forums.isaserver.org/ultimatebb.cgi?ubb=private_message;u=00007872>
Send New Private Message
<http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=6;t=001572;reply
_num=000002;u=00007872> Edit/Delete Post
<http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=6;t=001572;replyto=0
00002> Reply With Quote  

  _____  

You can even use good 'ol DOS commands.

find "W3ReverseProxy" webdyyyymmdd.log > hostedyyyymmdd.log

where (obviously I hope)
yyyy is for year
mm is for month
dd is for day

You'll have one logfile of all the requests from OUTSIDE for websites you
host.
Bet you'll be amazed at how many  <http://www.worm.com/> www.worm.com and
other CodeRed/Nimda derivative requests you get.!

HTH 
 
Thomas W Shinder
 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 
ISA Server and Beyond:  <http://tinyurl.com/1jq1> http://tinyurl.com/1jq1
Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 
 
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » Parsing Web Proxy logs
• » RE: Parsing Web Proxy logs
• » RE: Parsing Web Proxy logs
• » RE: Parsing Web Proxy logs
• » RE: Parsing Web Proxy logs
• » RE: Parsing Web Proxy logs

1. Home
2. isalist
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---