ISA Log uri

Posted on 2006-06-07
Medium Priority
Last Modified: 2013-11-16
Can anyone tell me if the uri entry in the ISA log is limited to what a user requests or is it everything that comes up on the screen? I'm trying to get a good idea of usage by website, but I don't want to capture each and every image downloaded when a user hits a website. I know I can use destination host, but I'd like a little more detail.
Question by:t1clausen
  • 2
LVL 51

Accepted Solution

Keith Alabaster earned 1000 total points
ID: 16855105
Are you running ISA2000 or ISA2004?

It is everything that passes through the ISA server filters. If a web site redirects, for example, or a pop up appears, then this data has to come donw through the http/https stream and therefore can be captured. ISA2000 logging was OK but ISA2004/ISA2006 is excellent.

No, it doesn't cover each and every web-part, graphic etc. Isa is monitoring for headers, signatures, urls, ip's domain names etc. However, your cache will if you have it activated.

Author Comment

ID: 16855139
I'm running 2004. I have the log sent to my SQL server and I'm writing a Crystal Report to sum up usage by user. I really just need to see generally what sites are being hit and how often so I guess what I have now will work:

SELECT     ClientUserName, CONVERT(varchar(19), logTime, 120) AS logTime, DestHost, COUNT(*) AS counter
FROM         dbo.[Test Lab]
GROUP BY ClientUserName, CONVERT(varchar(19), logTime, 120), DestHost

This eliminates duplicates so I get a better idea of what's happening. It will work I guess!
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16855153
You know that ISA has some damn fine reports (html/xml) that do all of that for you? Obviously not as detailed as ones you can do yourself but normally good enough for most uses. :)


and thanks :)

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question