RE: Parsing Web Proxy logs
- From: "Sean Faust" <sfaust@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 21 Mar 2003 10:06:25 -0500
Sorry for being incomplete but I thought from Tom's post that the incoming web
requests were being written to a separate log. We use the Web Proxy service in
ISA format.
Thanks, Sean
-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Friday, March 21, 2003 10:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Parsing Web Proxy logs
The log file will be named differently depending on which log format you use.
ISA log format filenames (for the proxy service) begin with web.... and W3C
extended format filenames begin with webext. Then the next character depends
on how often you rotate logs, etc. If you don't use the web proxy service you
won't find any web* log files.
You can look in your log configuration in ISA management to find where your
logs are being stored...
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Sean Faust [mailto:sfaust@xxxxxxxxxx]
Sent: Friday, March 21, 2003 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Parsing Web Proxy logs
http://www.ISAserver.org
Tom,
Where is that log file, I did a search but no luck. How do you turn up logging
for inbound requests?
-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Friday, March 21, 2003 9:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Parsing Web Proxy logs
Use grep, it's better for the environment :-) That and a whole lot more
available with the Posix tools ported to NT (I think they were from GNU).
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, March 21, 2003 8:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Parsing Web Proxy logs
http://www.ISAserver.org
http://www.ISAserver.org
Tolk
Senior Member
Member # 7872
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Member
Rated:
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872>
<http://forums.isaserver.org/ubb/icons/icon14.gif> posted March 20, 2003
04:35 AM
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00007872> Profile
for Tolk <http://localhost/> Author's Homepage
<http://forums.isaserver.org/ultimatebb.cgi?ubb=private_message;u=00007872>
Send New Private Message
<http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=6;t=001572;reply_num=000002;u=00007872>
Edit/Delete Post
<http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=6;t=001572;replyto=000002>
Reply With Quote
_____
You can even use good 'ol DOS commands.
find "W3ReverseProxy" webdyyyymmdd.log > hostedyyyymmdd.log
where (obviously I hope)
yyyy is for year
mm is for month
dd is for day
You'll have one logfile of all the requests from OUTSIDE for websites you host.
Bet you'll be amazed at how many <http://www.worm.com/> www.worm.com and other
CodeRed/Nimda derivative requests you get.!
HTH
Thomas W Shinder
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
ISA Server and Beyond: <http://tinyurl.com/1jq1> http://tinyurl.com/1jq1
Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
