How I got ISA Logging to work.

2004-10-20
2012-10-11
  • David Pollard
    2004-10-20

    Hi There,

    I have seen a few people ask about how to analyse info from ISA server logs. I didn't see any answers so I went to see if I could figure it out.

    I use ISA 2000 (sp2) as my Firewall and Proxy server. I wanted to see where all my bandwidth was going and for this purpose AWStats works great.

    I created a new conf file and made the following changes.

    LogFormat="%host %logname %time2 %referer %bytesd %method %url %code"
    LogSeparator="\t"
    DNSLookup=1
    LevelForBrowsersDetection=0 # 0 disables Browsers detection
    LevelForOSDetection=0 # 0 disables OS detection.

    ShowDomainsStats=0
    ShowRobotsStats=0
    ShowOSStats=0
    ShowBrowsersStats=0
    ShowOriginStats=0
    ShowKeyphrasesStats=0
    ShowKeywordsStats=0


    You could probably turn off a few other things that aren't relevant.

    Then on my ISA server I turned on logging for only the following fields.

    c-ip
    cs-username
    date
    time
    cs-referer
    sc-bytes
    s-operation
    sc-uri
    sc-status

    Don't forget to stop the service and remove all the old log files and restart the service.
    The idea here is to turn off analysis for fields that aren't available in the log, then to turn off the display of things in the output that aren't relevant or don't contain any info.

    I got my ideas on how to do this after creating a new config to monitor my email server logs by following the instructions on the web site.

    Hope this helps someone trying to do the same thing.

    David.
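
Added example, not part of the original post: a pre-flight check that a log file carries exactly the nine ISA fields listed above, in that order, before it is handed to AWStats (the post's LogFormat has eight tokens because %time2 covers both date and time). The names `check_log` and `EXPECTED_FIELDS` are hypothetical, the sample rows are constructed, and it assumes the log is in W3C format with a `#Fields:` directive.

```python
import re

# ISA fields in the order listed in the post. The LogFormat's %time2 token
# covers two tab-separated columns (date, time); the others map to one each.
EXPECTED_FIELDS = ["c-ip", "cs-username", "date", "time", "cs-referer",
                   "sc-bytes", "s-operation", "sc-uri", "sc-status"]
DATE = re.compile(r"\d{4}-\d{2}-\d{2}")
TIME = re.compile(r"\d{2}:\d{2}:\d{2}")

def check_log(text):
    """Return (good_row_count, bad_line_numbers) for a W3C-format log.

    Assumption: the log carries a '#Fields:' directive naming its columns.
    A row is good only if the most recent '#Fields:' line matches
    EXPECTED_FIELDS and the row's date, time, bytes and status columns parse.
    """
    fields, good, bad = None, 0, []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives and blank lines
        cols = line.split("\t")
        ok = (fields == EXPECTED_FIELDS
              and len(cols) == len(EXPECTED_FIELDS)
              and DATE.fullmatch(cols[2]) and TIME.fullmatch(cols[3])
              and (cols[5].isdigit() or cols[5] == "-")
              and cols[8].isdigit())
        if ok:
            good += 1
        else:
            bad.append(n)
    return good, bad

# Constructed sample (not real traffic): one good row, one row missing
# sc-bytes, then a leftover section written with a different field selection.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: " + "\t".join(EXPECTED_FIELDS),
    "192.0.2.10\tanonymous\t2004-10-20\t09:15:02\t-\t5120\tGET\thttp://example.com/\t200",
    "192.0.2.10\tanonymous\t2004-10-20\t09:15:03\t-\tGET\thttp://example.com/a\t404",
    "#Fields: c-ip\tdate\ttime\tsc-bytes",
    "192.0.2.11\t2004-10-19\t23:59:58\t300",
])

if __name__ == "__main__":
    print(check_log(SAMPLE_LOG))  # (1, [4, 6])
```

Rows reported as bad here are the ones that would not line up with the LogFormat, which is why the post says to remove log files written before the field selection was changed.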