Filter to store hostnames in WebProxy logs
Filter to store hostnames in WebProxy logs - 7.Mar.2007 1:14:23 AM
SandyAnderson
Posts: 12
Joined: 7.Mar.2007
Recently, I made a filter that stores hostnames in WebProxy logs (effective for SecureNAT and Firewall clients). It wasn't magic - it was simple (take a look at the source - just a page!). http://rapidshare.com/files/19489306/hostlogger.zip.html
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 3:39:16 AM
stevcoll
Posts: 19
Joined: 21.Jan.2007
Sounds too good to be true. How do we know it's not a virus? LOL
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:04:16 PM
SandyAnderson
Posts: 12
Joined: 7.Mar.2007
Too good? Why? I am Russian – that is the cause. We like freeware. And we like to develop it too. Mysterious Russian soul - you know... To make sure it's not spyware or something, I can recommend that you compile the source, but ... I guess you're not a programmer. But if you are: get Visual Studio .NET (2003 and above) and the ISA Server 2004 SDK. The Help section (chm) has the text of the registration code. It can be used completely (with a few modifications). But the simplest way – get the sample "web response modifier" from the SDK, replace main.cpp with the one taken from my HostLogger bundle, and compile it. The DLL will be different (maybe longer), but you will be sure – it's safe. This is the only way, I think.
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:27:48 PM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Hi Sandy, Interesting!!! So it has the same job as LogHostname from http://www.collectivesoftware.com/Products/ ? quote:
Tired of seeing IP addresses in your ISA Log's URL column? For Proxy clients that use SecureNAT, and Firewall Clients that cannot use the "automatic configuration" setting, ISA records each URL as an IP address only. LogHostname seamlessly integrates into the ISA 2004/2006 logging facility and shows the complete URL as entered in the client's web browser.
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:35:50 PM
SandyAnderson
Posts: 12
Joined: 7.Mar.2007
Not sure, but ... I believe there are not so many places from which the host name can be retrieved.
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:55:28 PM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
I am not that good at programming, so explain this to me please. In certain situations, reports log visited sites with the IP address instead of the URL hostname. So does your filter remove these IP addresses and log hostnames instead?
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 2:48:47 PM
SandyAnderson
Posts: 12
Joined: 7.Mar.2007
In fact, to understand the reason why ISA logs IPs instead of hostnames, you need to know how HTTP works. When your browser connects to a proxy, all the tasks of forming the request packet lie upon that proxy. And ISA just logs everything that you type in the address field of your browser. When a client connects through NAT (or the Firewall Client software), the browser itself resolves the host name (asks the DNS server) and forms the request packet. The destination of this packet is the IP address of the site. And ISA decides (IMHO) that this information (the IP address of the destination host) is more important than anything else. But if you look inside each HTTP request, you will find the Host field, where the host name resides. The filter just takes this information and stores it instead of the IP address in the prepared target string (the URL field in the logs). Keep in mind, though, that not all requests have a host name in the Host field, but most of them do. Some URLs can be formed by scripts. In this case an IP address is present in the Host field. It's also the case for POST command processing.
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 7:20:18 PM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Hi Sandy, Thanks for the clarification!! I will start referring users that have IP addresses in their reports to your Hostname logger; hopefully they will get the hostnames instead of the IP addresses using your filter. Regards, Tarek
RE: Filter to store hostnames in WebProxy logs - 13.Mar.2007 2:47:11 AM
stevcoll
Posts: 19
Joined: 21.Jan.2007
Seems to be working on ISA 2006. I installed the filter and changed one of my clients (proxy) to SecureNAT. And it still shows the hostnames in the logs! Bravo! I'll keep you posted if there are any issues. Nice work!
RE: Filter to store hostnames in WebProxy logs - 15.Mar.2007 8:28:39 AM
ITEngineer
Posts: 258
Joined: 3.Feb.2006
Mmm, seems interesting, I'm gonna try it on my ISA 2006 SE and will report back.
RE: Filter to store hostnames in WebProxy logs - 15.Mar.2007 12:53:50 PM
Capsella
Posts: 23
Joined: 15.Nov.2006
(deleted) C.
RE: Filter to store hostnames in WebProxy logs - 16.Mar.2007 4:34:18 PM
Jim Harrison
Posts: 231
Joined: 5.May.2001
From: Redmond, WA
Not to p155 in anyone's Cheerios, but this sort of mechanism has the potential to DoS the ISA pretty badly.
1. This mechanism depends on reverse-name-lookups, which can take up to two minutes under some circumstances.
2. Anyone who has spent any amount of time actually evaluating internet name resolution understands that reverse-lookups on the Internet are completely unreliable.
It's an interesting problem space, but not very useful in reality.
_____________________________
Jim Harrison MCP(NT4, W2K), A+, Network+, PCG My ISAServer.org Stuff My Site
RE: Filter to store hostnames in WebProxy logs - 17.Mar.2007 12:30:38 AM
SandyAnderson
Posts: 12
Joined: 7.Mar.2007
Russians have an old joke. Maybe not only Russians. It doesn't relate to Nazism - just a kind joke. When a Chukcha (a small but proud northern nation, like the Eskimos) arrived in Moscow to study to be a university-graduated writer, he was asked: "What book have you read recently?" He answered: "Chukcha is not the reader, Chukcha is the writer." Please, read this topic. There are no "reverse-lookups" in the "mechanism".
< Message edited by SandyAnderson -- 18.Mar.2007 12:03:08 AM >
RE: Filter to store hostnames in WebProxy logs - 17.Mar.2007 3:35:51 AM
ITEngineer
Posts: 258
Joined: 3.Feb.2006
Worked perfectly with my SNAT clients.
RE: Filter to store hostnames in WebProxy logs - 17.Jul.2007 12:21:19 PM
Taps
Posts: 10
Joined: 13.Sep.2001
From: Atlanta, GA
Quite possible I am missing the obvious.... Does this also change the IP to FQDN in the logging section?
RE: Filter to store hostnames in WebProxy logs - 17.Jul.2007 1:35:20 PM
ferrix
Posts: 369
Joined: 16.Mar.2005
Several people are asking about this in comparison to LogHostname (which I know about, since I wrote it). I didn't look at the source code of the filter from this thread, but I definitely agree that it is a simple thing to build a filter that replaces the IP address in the URL field by the host name. This is why LHN is so inexpensive to license. We try not to charge crazy prices for simple things. To answer the question: LogHostname features, in addition to this, a nice installer program, checking to ensure it isn't a spoofed header, matches Host header to A records, and employs synchronization objects so there's no chance of crashing on highly loaded servers. (Oh, and you have someone to call if you need support.) I think it's fantastic any time someone starts coding to the ISA filter API and contributes to the community, and this is a great starting point for a simple filter that pretty much everyone needs. My company sold LogHostname for a couple of years and I don't grumble if an open source solution comes along to supersede it. LHN will still be there for companies that prefer a supported solution. Cheers to fellow ISA filter devs!
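Added example (not part of the thread, and not code from HostLogger or LogHostname): a stand-alone C++ sketch of the technique discussed above, taking the host name from the request's Host header and logging it in place of the destination IP only when the name's A records contain that IP. It uses no ISA filter API; `hostHeader`, `logUrl` and the `ARecords` table (a constructed stand-in for a DNS A lookup) are hypothetical names.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Constructed stand-in for a DNS A-record lookup: host name -> set of IPv4 addresses.
using ARecords = std::map<std::string, std::set<std::string>>;

static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Host header value, lower-cased with whitespace and ":port" removed; "" if absent.
std::string hostHeader(const std::string& request) {
    std::istringstream in(request);
    std::string line;
    std::getline(in, line);                        // skip the request line
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (line.empty()) break;                   // blank line ends the headers
        auto colon = line.find(':');
        if (colon == std::string::npos || lower(line.substr(0, colon)) != "host") continue;
        std::string v = line.substr(colon + 1);
        auto b = v.find_first_not_of(" \t");
        if (b == std::string::npos) return "";
        v = lower(v.substr(b, v.find_last_not_of(" \t") - b + 1));
        return v.substr(0, v.find(':'));           // IPv6 literals are not handled here
    }
    return "";
}

// URL to log for a transparently proxied request: the Host name is used only when
// its A records contain the IP the client connected to; otherwise the IP is kept.
std::string logUrl(const std::string& request, const std::string& dstIp, const ARecords& dns) {
    std::string rl = request.substr(0, request.find_first_of("\r\n"));  // request line only
    auto sp1 = rl.find(' '), sp2 = rl.rfind(' ');
    std::string path = (sp1 != std::string::npos && sp2 > sp1)
                           ? rl.substr(sp1 + 1, sp2 - sp1 - 1) : std::string("/");
    auto it = dns.find(hostHeader(request));
    bool trusted = it != dns.end() && it->second.count(dstIp) > 0;
    return "http://" + (trusted ? it->first : dstIp) + path;
}

int main() {
    ARecords dns = {{"www.example.com", {"192.0.2.10"}}};  // constructed sample data
    std::cout << logUrl("GET /a HTTP/1.1\r\nHost: www.example.com\r\n\r\n", "192.0.2.10", dns) << "\n";
}
```

A request with no Host header, an IP literal in Host, or a Host name whose A records do not include the connected address falls back to the IP, so a client-supplied header cannot put an unrelated name into the log.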