A quick and dirty method that I use almost daily is grep. You can at least narrow down your logs to lines relevant to what you're looking for. grep and tail are part of the gnu posix tools ported over to Windows. I forget exactly what toolset they were originally a part of, but you can find them easily enough. Examples: > grep " 407 " webd20020815.log will find all the 407 errors (unfortunately will also find files that were 407 bytes, etc) > grep "192.168.1.1" webd20020815.log will find requests to/from that address > grep " 500 " webd20020815.log > servererrors.txt will find HTTP 500 codes (and 500 byte files, etc) and dump them to servererrors.txt and used in conjuction with tail > tail -f webd20020815.log | grep -i " joeusername " will display your logfile in realtime but only show lines with " joeusername ", which is probably the authenticated user field of the log. Thus giving you one person's activity that that point in time. I use this in conjunction with ISA Admin and WebTrends Firewall Suite to do all my monitoring / reporting. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT7 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Mark Hippenstiel [mailto:mark@xxxxxxxxxxxx] Sent: Thursday, August 15, 2002 3:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] Report analysis tool http://www.ISAserver.org Hi, Can anybody recommend an analysis tool that can help track down errors? I find it very hard to have to look into huge logiles to pick the information by hand. Thanks Mark ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')