ISA Log file analysis software - suggestions?

From: Gary Palmer (gpalmer@educause.edu)
Date: 04/10/03

  • Next message: Michael W. Willis: "RE: checking server status" 
    Date: Thu, 10 Apr 2003 14:10:52 -0600
From: "Gary Palmer" <gpalmer@educause.edu>
To: <focus-ms@securityfocus.com>

    Our small business uses Microsoft's ISA server as both a firewall system
    and Web proxy. We have historically used Webtrends (NetIQ) products to
    analyze hits to our Web site. To keep things consistent, we bought the
    Webtrends Firewall Suite to analyze firewall logs for incoming and
    outgoing firewall and Web traffic, but learned after the fact from NetIQ
    support that, unfortunately, the Firewall Suite doesn't support for the
    analysis of incoming Web activity logs created by ISA (even though ISA
    is listed as one of the log types to be analyzed), and found that, sure
    enough, it doesn't work correctly with ISA Web proxy logs.

    I'm looking for product suggestions. We'd like to find analysis software
    that works with ISA Web proxy logs, and will accurately count web page
    hits, page views, and which allows filtering to zero in on the activity
    for specific pages and areas of the Web site. If it also does security
    analysis for ISA logs, so much the better, although the Firewall Suite
    actually does a good job in that area. Has anyone found an analysis tool
    that they're particularly happy with?

    Please feel free to respond to me directly if you prefer.

    Thanks in advance.

    Gary

    -------------------------------------------------
    Gary Palmer
    Security Administrator
    EDUCAUSE
    gpalmer@educause.edu
    (303) 939-0310

    ----------------------------------------------------------------------
    Block Spam, Smut & Viruses
    SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
    technology including filtering embedded and attached file content. Rid your
    enterprise of unwanted content.
    http://www.securityfocus.com/SurfControl-focus-ms2
    Download your free fully functional trial, complete with 30-days of free
    technical support.
    ----------------------------------------------------------------------

  • Next message: Michael W. Willis: "RE: checking server status"

    Relevant Pages

    • RE: Problems with OWA in SBS 2003
      ... IIS server you cannot steady access OWA from Internet. ... Verify that ISA is not started if only the external NIC is enabled (or ... Please help to gather the ISA Logs, the following steps for ISA Server 2000: ... Double click ISA Server Firewall Service in the right pane, ...
      (microsoft.public.windows.server.sbs)
    • Re: ISA Server Problems
      ... Server 2003 SP2 or the Scalable Networking Pack ... please gather ISA Info and ISA Logs for me to check whether ... Click 'Configure Firewall Logging'. ...
      (microsoft.public.windows.server.sbs)
    • RE: IM & P2P packets
      ... Firewall? ... ISA? ... Logs? ... Regards ...
      (Security-Basics)
    • Re: Cant access ebay secure site since upgrage to SBS SP1 with ISA Server 2004
      ... The update to isa 2004 creates problem with incompatability with the ver 2000 firewall client. ... We may also gather the ISA logs: ...
      (microsoft.public.windows.server.sbs)
    • Re: Strange WAN Activity
      ... > firewall logs for a possible TCP FIN scan that keeps ... > company's intranet server IP and its port 80 across our ... > My firewall is a Sonicwall Pro 200 and I'm running W2K ... It's difficult to be sure without inspecting the web server for signs of ...
      (microsoft.public.win2000.security)