ISA Server 2000 initial setup

Run ISA Management Console, select the server to work with and open the Monitoring Configuration | Logs:



Choose the W3C extended log file format logging for all three kinds of log files (Web Proxy, Firewall and Packet filter). Make sure the Enable logging for this service switch is on.



Note:
ProxyInspector for ISA Server can work only with those log files that meet the requirements of the W3C extended log file format.


The log files must contain the following fields: 
Web Proxy Service:
Client IP
Client user name
Client agent
Date
Time
Bytes sent
Bytes received
Protocol name
Object name
[Object source] - this field is optional, and if it is there, it is used to determine the traffic source
[Result code] - this field can be used to filter 401/407 code requests that do not create external traffic

Firewall service:
Client IP
Client user name
Client agent
Date
Time
Destination IP
Bytes sent
Bytes received
Protocol name

Packet filter:
Date
Time
Source IP
Destination IP
Rule
Source port
Destination port

To avoid Web traffic duplication you should either:
Disable the HTTP Redirector Filter and use browser settings to operate through a proxy server (from ISA Management | Extensions | Application filters), or
Completely avoid analyzing firewall log files.