Managing ISA Logs

[VRIT]

Dear all,

It has got to the stage where I need to produce reports on Internet access. I have used the reports but find that it removes to much information so I have been using the log files directly.

However as you probably all know these logs are 20Mb+ (normally), so I have been importing them into Excel. Even thought it is easier to see what is what it still isnt that easy to go through.

I was hoping that you lot could come up with some workable solutions, be it 3rd party tools or clever ideas that you have used.

Many thanks in advance

VRIT

 

[Webflex]

VRIT

There are many commercial tools that will do this job for you, with log files of about 270Mb a day I use Webtrends (Now NetIQ) Firewall Suite.

Regards,

 

[930driver]

I dump the logs to a database instead of to file. Then I can use sql queries to get just what I want. The one trick it took me quite a while to realize is that ISA doesn't like to log to anything but a MS database. Access can't hold more than 2 gigs, so that's unworkable, and SQLServer is too expensive. I ended up with a Postgres database and I fool ISA by setting up an Access database with linked tables to Postgres. Then I log to the Access database which in turn passes the data to the real database.

Before I learned the trick of using Access to fool ISA I was importing the text files into a database in order to run queries, but it's much nicer to just dump straight to the database.

"The Key, The Whole Key, and Nothing But The Key, So Help Me Codd!"