RE: ISA Log file analysis software - suggestions?
From: Woods Robert (Robert.Woods@bmwgroup.ca)
Date: 04/10/03
- Previous message: Sridhar Nomula: "RE: checking server status"
- Maybe in reply to: Gary Palmer: "ISA Log file analysis software - suggestions?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Woods Robert <Robert.Woods@bmwgroup.ca> To: 'Gary Palmer' <gpalmer@educause.edu>, focus-ms@securityfocus.com Date: Thu, 10 Apr 2003 16:22:50 -0400
Hey Gary,
I have used SurfControl WebFilter on MS Proxy and ISA Server, and it works
as expected. Draw backs are expensive licensing and yearly subscriptions to
URL Category Database, and you have to limit rulesets to ~7 rules otherwise
functionality gets quirky.. On the other hand, Surf Control uses it's own
log format, and reporting tools, so it's straight forward, and does the job.
Adding in trusted domains to have one internet gateway is also easy to
configure and manage.
Funny, another place I have been at had the same issues as yourself.
Logging, and inconsistencies with information in the logs. I'll talk to
them and see if they found any resolution..
Robert
-----Original Message-----
From: Gary Palmer [mailto:gpalmer@educause.edu]
Sent: Thursday, April 10, 2003 4:11 PM
To: focus-ms@securityfocus.com
Subject: ISA Log file analysis software - suggestions?
Our small business uses Microsoft's ISA server as both a firewall system
and Web proxy. We have historically used Webtrends (NetIQ) products to
analyze hits to our Web site. To keep things consistent, we bought the
Webtrends Firewall Suite to analyze firewall logs for incoming and
outgoing firewall and Web traffic, but learned after the fact from NetIQ
support that, unfortunately, the Firewall Suite doesn't support for the
analysis of incoming Web activity logs created by ISA (even though ISA
is listed as one of the log types to be analyzed), and found that, sure
enough, it doesn't work correctly with ISA Web proxy logs.
I'm looking for product suggestions. We'd like to find analysis software
that works with ISA Web proxy logs, and will accurately count web page
hits, page views, and which allows filtering to zero in on the activity
for specific pages and areas of the Web site. If it also does security
analysis for ISA logs, so much the better, although the Firewall Suite
actually does a good job in that area. Has anyone found an analysis tool
that they're particularly happy with?
Please feel free to respond to me directly if you prefer.
Thanks in advance.
Gary
-------------------------------------------------
Gary Palmer
Security Administrator
EDUCAUSE
gpalmer@educause.edu
(303) 939-0310
----------------------------------------------------------------------
Block Spam, Smut & Viruses
SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
technology including filtering embedded and attached file content. Rid your
enterprise of unwanted content.
http://www.securityfocus.com/SurfControl-focus-ms2
Download your free fully functional trial, complete with 30-days of free
technical support.
----------------------------------------------------------------------
----------------------------------------------------------------------
Block Spam, Smut & Viruses
SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
technology including filtering embedded and attached file content. Rid your
enterprise of unwanted content.
http://www.securityfocus.com/SurfControl-focus-ms2
Download your free fully functional trial, complete with 30-days of free
technical support.
----------------------------------------------------------------------
- Previous message: Sridhar Nomula: "RE: checking server status"
- Maybe in reply to: Gary Palmer: "ISA Log file analysis software - suggestions?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
