Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Small Business Server / SBS 2000 / March 2004

Tip: Looking for answers? Try searching our database.

ISA logs to usable reports

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
IBC - 29 Mar 2004 18:22 GMT
Has anybody devised a 'quick and dirty' way to make usable reports out of
the ISA logs? The ones that come with SBS are fine, but they don't give you
important info like who is going where. I've grown tired of digging through
ISA logs in excel to track down what machine is spewing looking for the
weather. The format seems universal enough (TAB delimited) that I would
think you could have access create usable reports. (or even use SQL).
Unfortunately I know nothing about Access or SQL, so I'm hoping that
somebody has already crafted an easy template. If not, I'm going to have to
dig in and learn Access/SQL and make something myself. (a years worth of
learning to save an hours worth of work seems wrong.....)

Thanks!
Reply to this Message
Jim Behning - 30 Mar 2004 03:14 GMT
ISA has a graphical reports function built in where the report opens
as a web page with most popular sites, user's traffic and other stuff.
Open the ISA console and work your way to the reports tab. Create a
report. Note that there has been some issue with enter credentials. I
don't bother enter credentials when setting up the reports. You can
scedule the reports to run immediately or on days of the week at a
certain time.

>Has anybody devised a 'quick and dirty' way to make usable reports out of
>the ISA logs? The ones that come with SBS are fine, but they don't give you
[quoted text clipped - 8 lines]
>
>Thanks!

Jim B. SBS  MVP
remove the mvp to send email
Reply to this Message
IBC - 30 Mar 2004 04:57 GMT
Hi Jim,

as I mentioned, I'm aware of the ones that come with SBS, but I don't find
them very useful for tracking who went where. It doesn't do me much good to
see 50% of the traffic is going to porn if I can't see WHO was going there.

Thanks.

> ISA has a graphical reports function built in where the report opens
> as a web page with most popular sites, user's traffic and other stuff.
[quoted text clipped - 19 lines]
> Jim B. SBS  MVP
> remove the mvp to send email
Reply to this Message
Jim Behning - 30 Mar 2004 14:36 GMT
Sorry. At one account I saw a lot of traffic from a user. I also saw a
lot of porn traffic. I mentioned the porn/excessive traffic in hearing
range of that user who's ears perked up. I believe he did not know
they was that kind of tracking. Now you have me curious about more
specific tracking.

>Hi Jim,
>
[quoted text clipped - 30 lines]
>> Jim B. SBS  MVP
>> remove the mvp to send email

Jim B. SBS  MVP
remove the mvp to send email
Reply to this Message
IBC - 30 Mar 2004 16:20 GMT
Oh, there is PLENTY of detail inthe logs, just import one into excel. The
hitch is getting them into useful sortable reports. Since I don't KNOW about
databases, I was guessing that they are the answer, but upon doing more
research I'm thinking maybe not unless you happen to be a GURU.

I kinda thought our local PNSF (paranoid nutball security fanatic) Susan
might have an idea.......(PNSF used tounge in cheek and with the utmost
respect)

> Sorry. At one account I saw a lot of traffic from a user. I also saw a
> lot of porn traffic. I mentioned the porn/excessive traffic in hearing
[quoted text clipped - 39 lines]
> Jim B. SBS  MVP
> remove the mvp to send email
Reply to this Message
Jim Behning - 31 Mar 2004 00:38 GMT
http://isaserver.org/tutorials/userinfo.html ?

>Oh, there is PLENTY of detail inthe logs, just import one into excel. The
>hitch is getting them into useful sortable reports. Since I don't KNOW about
[quoted text clipped - 57 lines]
>> Jim B. SBS  MVP
>> remove the mvp to send email

Jim B. SBS  MVP
remove the mvp to send email
Reply to this Message
IBC - 31 Mar 2004 05:00 GMT
I'm already logging everything ISA lets me. What I want to do is be able to
sort by name, or destination, or most hits, or exclude sites, etc. I can do
some of this by importing the reports into excel and doing an autosort on
them, but I'd like nice reports I can present to the owner when needed. The
built in reports will tell me that playboy.com accounted for x% of all
traffic, but I have to dig into the logs to find out WHO went there.

I can't believe I'm the only one using ISA who wants more detail in the
reports, not just the logs....

> http://isaserver.org/tutorials/userinfo.html ?
>
[quoted text clipped - 62 lines]
> Jim B. SBS  MVP
> remove the mvp to send email
Reply to this Message
Jim Behning - 31 Mar 2004 16:17 GMT
I run into "I can't believe I am the only" often enough. Sometimes I
get lucky and find the answer with google.com

>I'm already logging everything ISA lets me. What I want to do is be able to
>sort by name, or destination, or most hits, or exclude sites, etc. I can do
[quoted text clipped - 80 lines]
>> Jim B. SBS  MVP
>> remove the mvp to send email

Jim B. SBS  MVP
remove the mvp to send email
Reply to this Message
IBC - 31 Mar 2004 16:32 GMT
Well, I've been doing _some_ googling, but not intensive just yet. I guess
at this point I'm willing to make a tool on my own to do it if I have to,
but that means starting from square one. I have no experience in databases,
the last programming class I took was Fortran (7 years ago...haven't used it
since....barely used it then come to think of it...) so I guess I have
myself a project. I've always said the best way to learn something is to
actually need to use it.

Thanks for all your help in trying to find an answer Jim.

~The quest begins~

> I run into "I can't believe I am the only" often enough. Sometimes I
> get lucky and find the answer with google.com
[quoted text clipped - 86 lines]
> Jim B. SBS  MVP
> remove the mvp to send email
Reply to this Message
IBC - 31 Mar 2004 18:10 GMT
Turns out the reports generated by ISA are Access files. Simply renaming
them to MDB gets them into Access. Now I can start trying to create a report
that I can use.....

> Well, I've been doing _some_ googling, but not intensive just yet. I guess
> at this point I'm willing to make a tool on my own to do it if I have to,
[quoted text clipped - 120 lines]
> > Jim B. SBS  MVP
> > remove the mvp to send email
Reply to this Message
super - 31 Mar 2004 23:57 GMT
This is what we use, learned about it from this newsgroup about a year
or two ago?    Check it out...
http://www.loggerythm.com/
Sample reports
http://www.loggerythm.com/ISAWeb/index.html

>I'm already logging everything ISA lets me. What I want to do is be able to
>sort by name, or destination, or most hits, or exclude sites, etc. I can do
[quoted text clipped - 80 lines]
>> Jim B. SBS  MVP
>> remove the mvp to send email
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.