Free ISA Server Log Analysis Program:
Loggerrythm
Phill Hardstaff

What is it: Loggerythm is a log analysis program that supports Microsoft ISA Server - Web proxy logs in EXTENDED format....(coming soon ISA Server Standard logs, by the end of August)....and will soon support MS ISA Server Firewall and IP Filter logs, Microsoft IIS Extended, Microsoft Exchange Tracking Logs and the Webtrends WELF format for Firewalls, plus a whole lot more.

Here is the web site: http://www.loggerythm.com/
Sample Output: http://www.loggerythm.com/ISAWeb
Download latest Build: http://www.loggerythm.com/Loggerythm.1.5.1.101.exe

For the moment it's a command line thing, to set up Loggerythm, follow these steps.

1) Edit the conf file with a text editor (loggerythm.conf), Notepad will do, set up a profile, you can just modify the existing one called [isaweb_server1] if you want. Looking at this below the only things you will need to change are the db_path and html_path to point to where your logs are for db_path and where you want your output to go for html_path, html_path must be a valid existing path, the program will not create directories if they don't exist. NO TRAILING BACKSLASHES PLEASE.

2)  Optional - Then add your inside IP address ranges following the example given, the only wild card character you can use is the star * . If you really don't care about the program NOT counting activity inside the firewall then just leave this blank.

3) For GMT hours, take your time zone, be it plus or minus GMT / UTC, work out the difference in seconds, i.e. for me it UTC +11 so its 11 x 60 x 60 = 39600. You need this because ISA logs in GMT Time, if we don't correct then your usage peaks show up in the wrong place, in my case at mid-evening instead of mid-morning.

4) A valid report period, can be lastday, lastweek, last2weeks, last3weeks, lastmonth, all

[isaweb_server1]
logtype=isaweb1
filespec=webextd*.log
db_path=d:\logs\isalogs
html_path=C:\Output\ISAWeb
dolookups=0
cost_kb=0
tablerows=25
insideips=172.17.*,172.18.*,192.168.*
DateSeparator=-
LogDateFormat=yyyy/mm/dd
defaultfilename=index.html
GMThours=39600
ReportPeriod=lastweek
 

**Do not change Date Separator, log date format will be correct in 99% of default setups.

5) Test it, open a DOS prompt and go to the Loggerythm Directory, ( Win2K and NT ? try this C:\>cd\program*\logg* ) , Just a bit quicker :)

C:\Program Files\Loggerythm Log Analyser>

Then run the program giving the name of your profile created above as a parameter, ie for the above profile we would type , loggerythm isaweb_server1

C:\Program Files\Loggerythm Log Analyser>loggerythm isaweb_server1

If all is OK a dialog box will come up which will show the progress, when you have it running OK like this you can then add this to the Scheduler service, you need to enter the path to the file like this

"C:\Program Files\Loggerythm Log Analyser\Loggerythm.exe" isaweb_server1