I have seen a few people ask about how to analyse info from ISA server logs. I didn't see any answers so I went to see if I could figure it out.
I use ISA 2000 (sp2) as my Firewall and Proxy server. I wanted to see where all my bandwidth was going and for this perpose AWStats works great.
LogFormat="%host %logname %time2 %referer %bytesd %method %url %code"
LevelForBrowsersDetection=0 # 0 disables Browsers detection
LevelForOSDetection=0 # 0 disables OS detection.
You could probably turn off a few other things that arn't relevant.
Then on my ISA server I turned on logging for only the following fields.
Don't forget to stop the service and remove all the old log files and restart the service.
The idea here is to turn off analysis for fields that arn't available in the log then to turn off the display of things in the output that arn't relevant or don't contain any info.
I got my ideas on how to do this after creating a new config to monitor my email server logs by following the instructions on the web site.
Hope this helps someone trying to do the same thing.