• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Filter to store hostnames in WebProxy logs

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Filter to store hostnames in WebProxy logs Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Filter to store hostnames in WebProxy logs - 7.Mar.2007 1:14:23 AM   
SandyAnderson

 

Posts: 15
Joined: 7.Mar.2007
Status: offline
Recently, I made a filter, that stores hostnames in webproxy logs (effective for SecureNAT and Firewall clients). It wasn't a magic - it was simple. (take a look at the source - just a page!). http://rapidshare.com/files/19489306/hostlogger.zip.html
Post #: 1
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 3:39:16 AM   
stevcoll

 

Posts: 19
Joined: 21.Jan.2007
Status: offline
sounds too good to be true. how do we know it's not a virus? LOL

(in reply to SandyAnderson)
Post #: 2
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:04:16 PM   
SandyAnderson

 

Posts: 15
Joined: 7.Mar.2007
Status: offline
Too good? Why? I am Russian – that is the cause. We like freeware. And we like to develop it too. Mysterious russian soul - you know... To make your sure it's not a spyware or something, I can recommend you to compile the source, but ... I guess you’re not a programmer. But if you are: get Visual Studio .NET (2003 and above), get ISA Server 2004 SDK. Help section (chm) has a text of the registration code. It can be used completely (with a few modifications). But the simplest way – get the sample “web response modifier” from SDK, replace main.cpp, taken from my HostLogger bundle and compile it. The dll will be different (may be longer), but you will be sure – it’s safe. This is the only way, I think.

(in reply to stevcoll)
Post #: 3
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:27:48 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi sandy,

Interesting !!!

so it has the same job as LogHostname from http://www.collectivesoftware.com/Products/ ?

quote:

Tired of seeing IP addresses in your ISA Log's URL column? For Proxy clients that use SecureNAT, and Firewall Clients that cannot use the "automatic configuration" setting, ISA records each URL as an IP address only. LogHostname seamlessly integrates into the ISA 2004/2006 logging facility and shows the complete URL as entered in the client's web browser.  




_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to SandyAnderson)
Post #: 4
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:35:50 PM   
SandyAnderson

 

Posts: 15
Joined: 7.Mar.2007
Status: offline
Not sure, but ... I believe there are not so much places, from where host name can be retrieved.

(in reply to elmajdal)
Post #: 5
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 1:55:28 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
i am not that good in programming , so explain this to me please.

in certain situations,  reports log visited sites with IP address instead of URL hostname.

So does your filter removes these IP Address and log hostnames instead ??

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to SandyAnderson)
Post #: 6
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 2:48:47 PM   
SandyAnderson

 

Posts: 15
Joined: 7.Mar.2007
Status: offline
In fact, to understand the reason, why ISA logs IPs instead hostnames, you need to know, how http is working. When your browser connects to proxy, all tasks to form the request packet, lies upon that proxy. And ISA just logs all that you typing at the address field in your browser. When client connects thru NAT (or Firewall Client software), browser itself resolves host name (asks DNS-server) and forms request packet. Destination of this packet is an IP address of the site. And ISA decides (IMHO), that this information (IP-address of a destination host) is more important than anything else. But if you look inside each http-request, you will found host-field, when the host name resides. Filter just take this information and stores it instead of an IP-address in prepared target-string (url-field in logs). Although, keep in mind, that not of all the requests has a host name in the host-field. But the most of it. Some urls can be formed by scripts. In this case IP-address is present in the host-field. It’s also the case of a POST-command processing.

(in reply to elmajdal)
Post #: 7
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 2:59:41 PM   
stevcoll

 

Posts: 19
Joined: 21.Jan.2007
Status: offline
elmajdal,

not to get off topic but can you take a look at this post when you get a chance? thanks

http://forums.isaserver.org/m_2002040434/mpage_1/key_/tm.htm#2002040434

(in reply to elmajdal)
Post #: 8
RE: Filter to store hostnames in WebProxy logs - 12.Mar.2007 7:20:18 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi Sandy,

Thanks for the clarification !!

I will start refering to users that has IP addresses in their reports to your Hostname logger , hopefully they will get the hostnames instead of the IP addresses using your filter.


Regards,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to SandyAnderson)
Post #: 9
RE: Filter to store hostnames in WebProxy logs - 13.Mar.2007 2:47:11 AM   
stevcoll

 

Posts: 19
Joined: 21.Jan.2007
Status: offline
Seems to be working on ISA 2006. I installed the filter and changed one of my clients (proxy) to securenat. And it still shows the hostnames in the logs! Bravo!

I'll keep you posted if there are any issues. Nice Work!

(in reply to elmajdal)
Post #: 10
RE: Filter to store hostnames in WebProxy logs - 15.Mar.2007 8:27:04 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi all,

This filter is available now on : http://www.elmajdal.net/ISAServer/HostLogger.aspx


Thanks to SandyAnderson



_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to SandyAnderson)
Post #: 11
RE: Filter to store hostnames in WebProxy logs - 15.Mar.2007 8:28:39 AM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
mmm seems interesting, i'm gonna try it on my ISA 2006 SE and will report back.


(in reply to elmajdal)
Post #: 12
RE: Filter to store hostnames in WebProxy logs - 15.Mar.2007 12:53:50 PM   
Capsella

 

Posts: 23
Joined: 15.Nov.2006
Status: offline
(deleted)

C.

(in reply to ITEngineer)
Post #: 13
RE: Filter to store hostnames in WebProxy logs - 16.Mar.2007 4:34:18 PM   
Jim Harrison

 

Posts: 271
Joined: 5.May2001
From: Redmond, WA
Status: offline
Not to p155 in anyone's Cheerios, but this sort of mechanism has the potential to DoS the ISA pretty badly.
1. this mechanism depends on reverse-name-lookups, which can take up to two minutes under some circumstances.
2. anyone who has spent any amount of time actually evaluating internet name resolution understands that reverse-lookups on the Inertnet are completely unreliable

It's an interesting problem space, but not very useful in reality.

_____________________________

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
My ISAServer.org Stuff
My Site

(in reply to Capsella)
Post #: 14
RE: Filter to store hostnames in WebProxy logs - 16.Mar.2007 10:39:36 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Hiya Jim - hope things have been treating you well.

Do you know if the LogHostname from www.collectivesoftware.com performs this differently?

http://www.collectivesoftware.com/Products/#LogHostname

(in reply to Jim Harrison)
Post #: 15
RE: Filter to store hostnames in WebProxy logs - 17.Mar.2007 12:30:38 AM   
SandyAnderson

 

Posts: 15
Joined: 7.Mar.2007
Status: offline
Please, read this topic. There is no "reverse-lookups" in the "mechanism".

< Message edited by SandyAnderson -- 2.Mar.2011 7:53:30 AM >

(in reply to Jim Harrison)
Post #: 16
RE: Filter to store hostnames in WebProxy logs - 17.Mar.2007 3:35:51 AM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
worked perfectly with my SNAT clients.

(in reply to SandyAnderson)
Post #: 17
RE: Filter to store hostnames in WebProxy logs - 5.Apr.2007 6:00:04 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
yah seems working perfectly !!

many ppl are happy with the result  and the cost ( TOTALLY FREE )

looking forward to have an SSL Filter

Thanks,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to ITEngineer)
Post #: 18
RE: Filter to store hostnames in WebProxy logs - 17.Jul.2007 12:21:19 PM   
Taps

 

Posts: 12
Joined: 13.Sep.2001
From: Atlanta, GA
Status: offline
Quite possible I am missing the obvious....

Does this also change the IP to FQDN in the logging section?

(in reply to elmajdal)
Post #: 19
RE: Filter to store hostnames in WebProxy logs - 17.Jul.2007 1:35:20 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
Several people are asking about this in comparison to LogHostname (which I know about, since I wrote it)

I didn't look at the source code of the filter from this thread, but I definitely agree that it is a simple thing to build a filter that replaces the IP address in the URL field by the host name.  This is why LHN is so inexpensive to license.. we try not to charge crazy prices for simple things.

To answer the question: LogHostname features in addition to this, a nice installer program, checking to ensure it isn't a spoofed header, matches Host header to A records, and employs synchronization objects so there's no chance of crashing on highly loaded servers.  (Oh and you have someone to call if you need support)

I think it's fantastic any time someone starts coding to the ISA filter API and contributes to the community, and this is a great starting point for a simple filter that pretty much everyone needs.  My company sold LogHostname for a couple years and I don't grumble if an open source solution comes along to supercede it.  LHN will still be there for companies that prefer a supported solution.

Cheers to fellow ISA filter devs!

(in reply to Taps)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Filter to store hostnames in WebProxy logs Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts