RE: Report analysis tool
- From: "Quillman Shawn (RBNA/CIT7)" <Shawn.Quillman@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 15 Aug 2002 14:35:56 -0500
A quick and dirty method that I use almost daily is grep. You can at least
narrow down your logs to lines relevant to what you're looking for. grep
and tail are part of the gnu posix tools ported over to Windows. I forget
exactly what toolset they were originally a part of, but you can find them
easily enough.
Examples:
> grep " 407 " webd20020815.log
will find all the 407 errors (unfortunately will also find files that were
407 bytes, etc)
> grep "192.168.1.1" webd20020815.log
will find requests to/from that address
> grep " 500 " webd20020815.log > servererrors.txt
will find HTTP 500 codes (and 500 byte files, etc) and dump them to
servererrors.txt
and used in conjuction with tail
> tail -f webd20020815.log | grep -i " joeusername "
will display your logfile in realtime but only show lines with " joeusername
", which is probably the authenticated user field of the log. Thus giving
you one person's activity that that point in time.
I use this in conjunction with ISA Admin and WebTrends Firewall Suite to do
all my monitoring / reporting.
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT7
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Mark Hippenstiel [mailto:mark@xxxxxxxxxxxx]
Sent: Thursday, August 15, 2002 3:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Report analysis tool
http://www.ISAserver.org
Hi,
Can anybody recommend an analysis tool that can help track down errors?
I find it very hard to have to look into huge logiles to pick the
information by hand.
Thanks
Mark
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
