
Microsoft ISA Server 2000/2004/2006


Important!

These settings should be configured prior to the first import operation, as they apply to the import stage only.

 

Main settings


Log files path — specify the location of the log files. The path can point to a local or network resource (in UNC format), for instance “C:\Program Files\Microsoft ISA Server\isalogs” or “\\officeserver\logs”. If the path points to the location of MSDE log files, it can only be a local folder.

 

Process web proxy log files — enable this option to allow processing of log files of the Web Proxy service (for ISA 2000) or Web Proxy application filter (for ISA 2004/2006). File names have the following form:

WEBEXT?????????.log ISA 2000, W3C format

WEB?????????.log ISA 2000, IIS format

ISALOG_????????_WEB_???.w3c ISA 2004/2006, W3C format

ISALOG_????????_WEB_???.iis ISA 2004/2006, IIS format

Disable this option to skip Web Proxy log files. The option is enabled by default and we recommend keeping it on.

 

Process firewall log files — enable this option to allow processing of the firewall service log files. File names have the following form:

FWSEXT?????????.log ISA 2000, W3C format

FWS?????????.log ISA 2000, IIS format

ISALOG_????????_FWS_???.w3c ISA 2004/2006, W3C format

ISALOG_????????_FWS_???.iis ISA 2004/2006, IIS format

Disable this option to skip firewall service log files. The option is enabled by default and we recommend keeping it on.

 

Do not process HTTP records (only for ISA 2004/2006/TMG) — allows you to prevent duplication of traffic records in reports. Due to some peculiarities of the ISA 2004/2006/TMG architecture, all web traffic is registered in log files twice: in the firewall service logs and the web proxy logs. We recommend leaving this option on.

 

Use IP address instead of 'anonymous' username — if this option is enabled, the user “anonymous” is replaced with the IP address the request came from. Enabling this option is justified only when IP addresses are assigned statically (no DHCP) and user name substitution is used.

 

Strip anything before '/' and '\' from username — allows you to shorten user names in the “Domain\User” form to the “User” form. It is recommended to leave this option enabled for networks with a single NT domain.

 

Do not process UDP Bind records (ISA 2000 only) — allows you to ignore UDP sessions with a Bind status that have duplicate records in log files. This option works for Firewall service log files only. It is recommended to leave this option on.

 

Do not process UDP Map records (ISA 2000 only) — allows you to ignore UDP sessions with a UdpMap status. This option works for Firewall service log files only.

 

MSDE — this block of settings is related to the use of log files in the MSDE (Microsoft SQL Server Desktop Engine DBMS) format. It determines which MSDE instance the program should use.

 

Default instance — should be selected to use Microsoft SQL Server or SQL Express installed with a Default instance option;

Use ISA 2004/2006 (MSFW) instance — when ProxyInspector and Microsoft ISA Server 2004/2006 are installed on a single computer, allows you to use the copy of MSDE/SQL Express installed with ISA Server;

Use MS SQL 2005 Express (SQLEXPRESS) instance — use a separately installed copy of SQL Express that was set up with the SQLExpress instance name;

Custom instance — should be specified in a corresponding line.

 

In all cases, ProxyInspector, log files in MSDE and SQL formats and the server (MSDE, SQL Express, MS SQL Server) should be located on the same computer.

 

Filtering by the s-object-source field

 


Filter Web Proxy logs using s-object-source field values — enabling this option filters Web Proxy log file records by the s-object-source field and lets you configure the list of fields located below. To register external traffic only, leave the following options enabled: Inet and VFInet.

 

Do not process lines with 401/407 codes in sc-status field — allows you to ignore authorization requests and rejections. These requests are internal to the network, but are saved to the log file. This option can be enabled only for Web-proxy logs with a “sc-status” field. It is recommended to leave this option enabled.

 

Do not process lines with 12209 code in sc-status field — allows you to ignore connection errors resulting from denied authorizations. These requests are internal to the network, but are saved to the log file. This option can be enabled only for Web-proxy logs with a “sc-status” field. This option is disabled by default.

 

You must also configure the local addresses table.
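The record-level options described above (s-object-source filtering, the 401/407 and 12209 status filters, 'anonymous' replacement and domain stripping), sketched as an added example that is not ProxyInspector's own code. It assumes tab-separated W3C records preceded by a "#Fields:" directive and the field names c-ip and cs-username; the function names, the option defaults other than the 12209 filter, and the sample log are constructed for illustration.

```python
# Added example: a sketch of the import-stage filters, not ProxyInspector code.
# Assumes tab-separated W3C records preceded by a "#Fields:" directive.

SKIP_AUTH = {"401", "407"}      # authorization requests and rejections
SKIP_DENIED = {"12209"}         # connection errors from denied authorization


def import_records(lines, sources=("Inet", "VFInet"), skip_auth=True,
                   skip_12209=False, anon_to_ip=False, strip_domain=True):
    """Yield (user, record) for each log line that survives the filters."""
    fields = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # malformed or truncated record
        rec = dict(zip(fields, values))
        if sources and rec.get("s-object-source") not in sources:
            continue
        status = rec.get("sc-status", "")
        if (skip_auth and status in SKIP_AUTH) or (skip_12209 and status in SKIP_DENIED):
            continue
        user = rec.get("cs-username", "")
        if anon_to_ip and user.lower() == "anonymous":
            user = rec.get("c-ip", user)
        elif strip_domain:
            user = user.replace("/", "\\").rsplit("\\", 1)[-1]
        yield user, rec


# Constructed sample log (not real traffic); field subset chosen for the example.
SAMPLE = [
    "#Fields: c-ip\tcs-username\tsc-status\ts-object-source\n",
    "10.0.0.5\tanonymous\t407\tInet\n",
    "10.0.0.5\tCORP\\alice\t200\tInet\n",
    "10.0.0.5\tCORP\\alice\t200\tCache\n",
    "10.0.0.9\tanonymous\t200\tVFInet\n",
    "10.0.0.9\tanonymous\t12209\tInet\n",
]


def kept_users(**options):
    return [user for user, _ in import_records(SAMPLE, **options)]
```

With the 12209 filter off, the last sample record is still attributed to “anonymous”; turning on both the 12209 filter and IP substitution leaves only records that map to a named user or a client address.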

 
