Welcome to ISAserver.org

WebSpy can't analyz FireWall log *.w3c

WebSpy can't analyz FireWall log *.w3c - 25.Mar.2005 11:24:00 AM   
Guest
Hi All,

I have ISA 2004. It was configured to store WEB and FW logs in w3c format.

I also have WebSpy Giga to analyze logs.

No problem with web logs. I get a full report.
But I can't get a normal report from FW logs.

I contacted WebSpy support, but they couldn't help me.

What can I do? I tried different software (Proxy Inspector), but it is not as good as WebSpy.
  Post #: 1
RE: WebSpy can't analyz FireWall log *.w3c - 25.Mar.2005 3:19:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Iz,

Are they saying that they don't support that format? Do you need to use ISA Server file format?

Thanks!
Tom

(in reply to Guest)
Post #: 2
RE: WebSpy can't analyz FireWall log *.w3c - 26.Mar.2005 6:51:00 PM   
Guest
Hi tshinder

They are saying that they support ISA format 2004.
But I can't get a normal report for FW logs.

(in reply to Guest)
  Post #: 3
RE: WebSpy can't analyz FireWall log *.w3c - 30.Mar.2005 4:09:00 AM   
wishfly

 

Posts: 122
Joined: 6.Mar.2005
Status: offline
You can try this one: netfee for ISA Server.
http://www.netfeesoftware.com/NetFee/Index.htm

It can analyze FW logs, but the format should be ISA file format.

(in reply to Guest)
Post #: 4
RE: WebSpy can't analyz FireWall log *.w3c - 27.Apr.2005 4:54:00 PM   
denizyalcin

 

Posts: 122
Joined: 19.Jan.2005
From: Turkey
Status: offline
Hi izzet,

Nowadays I'm evaluating WebSpy, too. I don't have any problems with the ISA2004 format, but there are some points where you have to be careful. Do you get any errors when you import the logs into WebSpy?

For me, I'm getting the date format error every time, and I have to dismiss this error before using the logs. And of course, before importing the logs, you need to set your ISA box's logging method to w3c format.

(in reply to Guest)
Post #: 5
RE: WebSpy can't analyz FireWall log *.w3c - 4.May2005 5:48:00 PM   
mnyquist

 

Posts: 34
Joined: 10.Sep.2003
From: Denver
Status: offline
I'm using Webspy as well, and made a workaround for this. I like to use the MMC log viewer to do ad-hoc queries in realtime, which is only available if you use MSDE or SQL.

So - I wrote a couple of scripts that connect to the ISA server, dump any new databases to text files, convert the BigINT fields to IP addresses and create a new ".webspy" file that it can read as a native ISA Server format.

I can post if anyone is interested.

Mark

(in reply to Guest)
Post #: 6
RE: WebSpy can't analyz FireWall log *.w3c - 5.May2005 1:15:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mark,

You bet! If you post it I'll include it in the next newsletter. If you send it to me at tshinder@isaserver.org, I'll post it for download and put it on the front page of the site as a news item.

Thanks!
Tom

(in reply to Guest)
Post #: 7
RE: WebSpy can't analyz FireWall log *.w3c - 9.May2005 6:33:00 PM   
mnyquist

 

Posts: 34
Joined: 10.Sep.2003
From: Denver
Status: offline
Tom,

I tried to email the scripts to you, but got the following bounce:

The following recipient(s) could not be reached:

tshinder@hotmail.com on 5/9/2005 10:32 AM
A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients. Contact your administrator.
<mailgate.gfi.com #4.4.6>

Suggestions?

Mark

(in reply to Guest)
Post #: 8
RE: WebSpy can't analyz FireWall log *.w3c - 24.May2005 9:13:00 PM   
hwilkins

 

Posts: 37
Joined: 30.Jul.2004
From: Memphis
Status: offline
If you have still not gotten that script to Tom, are you interested in privately mailing it to anyone (like me)?

You should be able to privately mail my profile here...

Thanks in advance,
Bobby

(in reply to Guest)
Post #: 9
RE: WebSpy can't analyz FireWall log *.w3c - 15.Jun.2005 8:12:00 AM   
An-D

 

Posts: 7
Joined: 13.Jun.2005
From: london
Status: offline
denizyalcin >

The date format error is very common when importing from ISA. You can change this to be in line with your ISA from the from properties tab when you start a storage or import data.
Or just select the checkbox "ignore future errors" when it pops up and you will not be informed again. It is not a real problem that you should be worried about; it will be automatically corrected.


Izzet > we don't currently report on the activity of your firewall, so there is no point in loading the firewall log. We can give you all the information you require on users' browsing etc. from the proxy log file. (There is a new application scheduled for release from us this year that will read firewall logs and many other network devices, called network analyser.)

[ June 15, 2005, 08:15 AM: Message edited by: An-D ]

(in reply to Guest)
Post #: 10
RE: WebSpy can't analyz FireWall log *.w3c - 15.Jun.2005 11:32:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Andrew,

Thanks for the info!

Looking forward to the improvements in your product later this year.

Thanks!
Tom

(in reply to Guest)
Post #: 11
RE: WebSpy can't analyz FireWall log *.w3c - 15.Jun.2005 1:17:00 PM   
talon

 

Posts: 12
Joined: 21.Jan.2005
From: Rockford, MI
Status: offline
quote:
Originally posted by tshinder:
Hi Mark,

You bet! If you post it I'll include it in the next newsletter. If you send it to me at tshinder@isaserver.org, I'll post it for download and put it on the front page of the site as a news item.

Thanks!
Tom

Tom, was this ever posted? Just curious ---

As well, if it wasn't: Mark, if you're reading, can you post to a website or something for download? At least temporarily, if Tom hasn't already? I use the MSDE method of logging, and am looking for a way to analyze the logs in bulk format.

jab@leximedia.net

(in reply to Guest)
Post #: 12
RE: WebSpy can't analyz FireWall log *.w3c - 30.Jun.2005 1:34:00 PM   
kcadmin

 

Posts: 23
Joined: 5.Jan.2005
Status: offline
Where can I get that script?! I, too, like the MSDE format for quick queries, but need a more robust tool for long-term detail analysis. Most require text logging :-(. This sounds like just the ticket!

(in reply to Guest)
Post #: 13
RE: WebSpy can't analyz FireWall log *.w3c - 30.Jun.2005 2:44:00 PM   
mnyquist

 

Posts: 34
Joined: 10.Sep.2003
From: Denver
Status: offline
Sorry - haven't checked these forums in a while - Yes, Tom did get a copy of my scripts, and featured it in the May 2005 newsletter.

Minus the screenshot I included on changing MSDE to allow TCP/IP remote connections, here's the post:

--------------------------------

Mark Nyquist comes to the rescue of ISA firewall admins everywhere with some great scripts that allow you to bring your ISA firewall's advanced logging information into text format. Let's let Mark explain them to you:

Hey Tom,

Glad to share - I've certainly gotten a lot of help from your site.

Background: I really like the live filtering features for log viewing that the ISA server MMC console provides. The problem is that most log analysis programs want text file output. So - since I didn't want to choose between good live diagnostic tools or good analytical programs, I wrote the attached scripts to be run nightly: ISADump.vbs and MSDEtoWebSpy.vbs.

Basically, the first script connects to the ISA server, finds all the ISA log databases, checks to see if a dump has already been made, and if not, dumps it as a text file with an .MSDE extension. The second script will go through the previously dumped .MSDE files, check to see if it's already done a conversion, and if not, parses through it to convert the BIGINT numbers to IP addresses, and puts it in a file format that WebSpy's "Microsoft ISA Server" filter can recognize. (This could more than likely be modified to convert to other formats as well.)

Note: MSDE does not allow remote TCP/IP connections by default. You need to run C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SVRNETCN.exe and enable it before you can run these scripts from a remote machine. (Requires a SQL restart)

Download the scripts at: http://www.msfirewall.org/isa2004/webspyscripts.zip

(in reply to Guest)
Post #: 14
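
The BIGINT-to-IP conversion step described in the post above, as an added Python example; it is not Mark's VBScript and not part of the thread. It assumes a tab-delimited dump with a header row, hypothetical column names `SourceIP` and `DestinationIP`, and that each address is stored as a 32-bit integer with the first octet in the most significant byte. The sample rows are constructed.

```python
import csv
import io
import ipaddress

# Assumed names of the BIGINT address columns in the dump (not from the thread).
IP_COLUMNS = ("SourceIP", "DestinationIP")


def bigint_to_ipv4(value):
    """Return dotted-quad text for an IPv4 address stored as a BIGINT.

    Empty, NULL, non-numeric or out-of-range values become "-",
    the W3C extended log placeholder for a missing field.
    """
    text = (value or "").strip()
    if not text or text.upper() == "NULL":
        return "-"
    try:
        number = int(text)
    except ValueError:
        return "-"
    if not 0 <= number <= 0xFFFFFFFF:
        return "-"
    # Assumption: most significant byte is the first octet.
    return str(ipaddress.IPv4Address(number))


def convert_dump(src, dst, ip_columns=IP_COLUMNS):
    """Copy a tab-delimited dump from src to dst, rewriting the IP columns."""
    reader = csv.DictReader(src, delimiter="\t")
    writer = csv.DictWriter(dst, fieldnames=reader.fieldnames,
                            delimiter="\t", lineterminator="\n")
    writer.writeheader()
    rows = 0
    for row in reader:
        for col in ip_columns:
            if col in row:
                row[col] = bigint_to_ipv4(row[col])
        writer.writerow(row)
        rows += 1
    return rows


# Constructed sample rows, not real ISA Server output.
SAMPLE = (
    "logTime\tSourceIP\tDestinationIP\tDestinationPort\tAction\n"
    "2005-05-09 10:32:00\t3232235777\t167772161\t80\tAllowed\n"
    "2005-05-09 10:32:05\t3232235778\tNULL\t443\tDenied\n"
)


def demo():
    out = io.StringIO()
    convert_dump(io.StringIO(SAMPLE), out)
    return out.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```
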
