[analog-help] ISA logs and INCLUDE EXCLUDE
Aimee Mandeville
aimee at edc.uri.edu
Tue May 8 12:24:46 PDT 2007
I am using ISA logs to try to determine website statistics for a
website on our server. The ISA logs keep track of everything coming
through our firewall, i.e. mail, website traffic from our internal
computers out to the internet, as well as users hitting our 5 websites
hosted on the same server.
I am getting confused as to which INCLUDE EXCLUDE commands I should be
using. Ideally I would like to analyze one website at a time:
www.usawaterquality.org <http://www.usawaterquality.org/>. I would
like to get a count of the number of hits this website is getting and who is
hitting it, while excluding the hits the website is getting from internal
users.
I am thinking I want to use the INCLUDE and EXCLUDE commands but I am
not getting the expected results. Here are some lines of code.
#Software: Microsoft Internet Security and Acceleration Server 2004
#Version: 2.0
#Date: 2007-04-27 00:00:00
#Fields: c-ip cs-username c-agent date time
s-computername cs-referred r-host r-ip r-port
time-taken cs-bytes sc-bytes cs-protocol
s-operation cs-uri s-object-source sc-status rule
FilterInfo cs-Network sc-Network error-info
action
131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA
- 131.128.1.53 131.128.1.53 80 1 364
218 http GET
http://131.128.1.53/home/images/urilogo-sub.gif Inet 304
Internal to Internet - Internal External
0x180 Allowed
131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA
- 131.128.1.53 131.128.1.53 80 1 362
218 http GET
http://131.128.1.53/home/images/sub-visit.gif Inet 304
Internal to Internet - Internal External
0x180 Allowed
131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA
- 131.128.1.53 131.128.1.53 80 1 362
218 http GET
http://131.128.1.53/home/images/sub-pstud.gif Inet 304
Internal to Internet - Internal External
0x180 Allowed
131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA
- 131.128.1.53 131.128.1.53 80 1 361
218 http GET
http://131.128.1.53/home/images/sub-stud.gif Inet 304
Internal to Internet - Internal External
0x180 Allowed
74.6.87.40 anonymous Mozilla/5.0 (compatible; Yahoo!
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
2007-04-27 00:00:29 TORCHEMADA -
www.usawaterquality.org 131.128.90.13 80 1
200 1065 http GET http://131.128.90.13/robots.txt
Inet 200 www.usawaterquality.org -
External - 0x500 Allowed
207.230.13.10 anonymous NewsAlloy/1.1
(http://www.NewsAlloy.com; 1 subscribers) 2007-04-27
00:00:30 TORCHEMADA - geospatial.uri.edu
131.128.90.30 80 1 203 15422 http GET
http://131.128.90.30/rigis.xml Inet 200
geospatial.uri.edu - External - 0x400
Allowed
141.150.44.108 anonymous Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1; MSN 9.0; MSNbVZ02; MSNmen-us; MSNcOTH; MPLUS)
2007-04-27 00:00:37 TORCHEMADA -
www.edc.uri.edu 131.128.90.11 80 1 458
188 http GET
http://131.128.90.11/restoration/html/gallery/images/birds/aplaty_b.jpg
Inet 304 www.edc.uri.edu -
External - 0x180 Allowed
Thanks again for any help.
Aimee
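
An added example, not part of the original post and not Analog's own code: a pre-filter that keeps only the rows for one published site (matched on r-host) and drops requests whose cs-Network is not External, using the field order from the #Fields header above. It assumes the log file is tab-delimited; the sample rows are constructed from the lines in the post, and the last one (an internal client requesting index.html) is hypothetical.

```python
from collections import Counter

# Field order copied from the #Fields header in the post.
FIELDS = ("c-ip cs-username c-agent date time s-computername cs-referred r-host "
          "r-ip r-port time-taken cs-bytes sc-bytes cs-protocol s-operation cs-uri "
          "s-object-source sc-status rule FilterInfo cs-Network sc-Network "
          "error-info action").split()

def site_hits(lines, site, external_only=True):
    """Records whose r-host is `site`; optionally only clients on the External network."""
    fields, hits = None, []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # header names contain no spaces
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split("\t")  # c-agent contains spaces, so split on tabs only
        if len(values) != len(fields):
            continue  # skip wrapped or truncated rows instead of misaligning fields
        rec = dict(zip(fields, values))
        if rec["r-host"].lower() != site.lower():
            continue
        if external_only and rec["cs-Network"] != "External":
            continue
        hits.append(rec)
    return hits

def hits_per_client(hits):
    return Counter(rec["c-ip"] for rec in hits)  # request count per client IP

def make_row(c_ip, agent, r_host, r_ip, uri, status, rule, cs_net, sc_net):
    # Constructed helper: one tab-separated row in the field order above.
    return "\t".join([c_ip, "anonymous", agent, "2007-04-27", "00:00:29", "TORCHEMADA",
                      "-", r_host, r_ip, "80", "1", "200", "1065", "http", "GET", uri,
                      "Inet", status, rule, "-", cs_net, sc_net, "0x500", "Allowed"])

SITE = "www.usawaterquality.org"
MSIE = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
SAMPLE = [  # constructed sample; the last row is a hypothetical internal visitor
    "#Fields: " + "\t".join(FIELDS),
    make_row("131.128.90.36", MSIE, "131.128.1.53", "131.128.1.53",
             "http://131.128.1.53/home/images/urilogo-sub.gif", "304",
             "Internal to Internet", "Internal", "External"),
    make_row("74.6.87.40", "Mozilla/5.0 (compatible; Yahoo! Slurp)", SITE, "131.128.90.13",
             "http://131.128.90.13/robots.txt", "200", SITE, "External", "-"),
    make_row("131.128.90.36", MSIE, SITE, "131.128.90.13",
             "http://131.128.90.13/index.html", "200", SITE, "Internal", "-"),
]
```

Calling `hits_per_client(site_hits(SAMPLE, SITE))` counts only the external crawler request; passing `external_only=False` shows the internal visitor as well, which makes it easy to see how much traffic the exclusion removes.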