Process Web-proxy logs enables/disables processing log files of either the web proxy service (for ISA 2000) or the web proxy application filter (for ISA 2004). These log files have names of the following types:
| WEBEXT?????????.log | ISA 2000, the W3C format |
| WEB?????????.log | ISA 2000, the IIS format |
| ISALOG_????????_WEB_???.w3c | ISA 2004, the W3C format |
| ISALOG_????????_WEB_???.iis | ISA 2004, the IIS format |
It is recommended to leave the option enabled.
Process FireWall logs enables/disables processing log files of the firewall service. These log files have names of the following types:
| FWSEXT?????????.log | ISA 2000, the W3C format |
| FWS?????????.log | ISA 2000, the IIS format |
| ISALOG_????????_FWS_???.w3c | ISA 2004, the W3C format |
| ISALOG_????????_FWS_???.iis | ISA 2004, the IIS format |
Exclude HTTP traffic (only for ISA 2004) allows you to avoid duplicating web traffic in reports. Due to some peculiarities of the ISA 2004 architecture, web traffic is recorded twice in its log files: once in the firewall log and once in the web proxy log. It is recommended to leave the option enabled.
Process packet filter logs (only for ISA 2000) enables/disables processing the logs of the packet filter. It is recommended to enable the option.
Packet filter: import only "BLOCKED" records. Enabling this option considerably speeds up processing of packet filter logs and reduces the size of the DB. As a rule, records with the BLOCKED status are a few dozen times fewer than records with the ALLOWED status.
Use IP instead of 'anonymous' username. If this option is enabled, the username anonymous will be replaced with the IP address from which the request was sent. Enabling this option is reasonable only when IP addresses are distributed statically (without using DHCP) and username substitution is used. The option works for all types of log files except for the packet filter.
Strip anything before '/' '\' from username allows you to change usernames from the Domain\User form to User during the import process. It is recommended to leave this option enabled for networks with one NT domain. The option works for all types of log files except the packet filter.
Do not process lines with 401/407 codes in sc-status field allows you to skip authorization requests/denials. Although these requests are internal, they are still written into the log file with codes 401/407. The option works only for web proxy logs that have the sc-status field. It is recommended to leave the option enabled.
Do not process UDP Bind allows you to skip UDP sessions with the Bind status; these records in log files are duplicates. The option works only for firewall logs. It is recommended to leave the option enabled.
Filter Web-proxy logs using s-object-source field values controls whether traffic served from the web proxy cache is counted. To count only external traffic, it is recommended to leave the values 0, Inet, VFInet enabled.
Allows you to avoid including internal traffic in reports even if it is recorded in firewall log files (this may occur in ISA 2004 because writing to log files can be controlled for each rule). Traffic is considered to be internal (local) if both the client IP address and the server IP address are found in the table with local addresses.
All the above options work only during the process of importing into the database. Information already in the DB is not affected. If you want to apply new settings to all data, you should clear the entire DB (Database | Clear database) and import log files again.
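The sketch below is an added example, not the product's own code. It shows how several of the import-time options above (401/407 skipping, s-object-source filtering, internal traffic exclusion, anonymous-to-IP substitution and domain stripping) decide which records reach the database. Assumptions: the log lines are constructed, the field set is reduced to the columns these options read, the local address table is a hypothetical 10.0.0.0/8, and the internal traffic check is applied to the same records for brevity.

```python
import ipaddress

# Assumed option values mirroring the settings described above.
SKIP_STATUS = {"401", "407"}                 # authorization requests/denials
EXTERNAL_SOURCES = {"0", "Inet", "VFInet"}   # s-object-source values to count
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # hypothetical local table

# Constructed sample in W3C extended format (tab-separated, #Fields header).
SAMPLE_LOG = "\n".join([
    "#Fields: c-ip\tcs-username\tr-ip\tsc-status\ts-object-source\tsc-bytes",
    "10.0.0.5\tanonymous\t203.0.113.10\t407\t0\t512",
    "10.0.0.5\tCORP\\alice\t203.0.113.10\t200\tInet\t20480",
    "10.0.0.6\tanonymous\t198.51.100.7\t200\tVFInet\t1024",
    "10.0.0.7\tCORP\\bob\t203.0.113.10\t200\tCache\t4096",
    "10.0.0.8\tCORP\\carol\t10.0.0.20\t200\tInet\t2048",
])

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def import_records(text):
    """Return the (user, bytes) rows that survive the import-time filters."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split("\t")))
        if rec["sc-status"] in SKIP_STATUS:
            continue  # "Do not process lines with 401/407 codes"
        if rec["s-object-source"] not in EXTERNAL_SOURCES:
            continue  # served from cache, not counted as external traffic
        if is_local(rec["c-ip"]) and is_local(rec["r-ip"]):
            continue  # both ends in the local table: internal traffic
        user = rec["cs-username"]
        if user.lower() == "anonymous":
            user = rec["c-ip"]  # "Use IP instead of 'anonymous' username"
        else:
            user = user.replace("/", "\\").rsplit("\\", 1)[-1]  # strip domain
        rows.append((user, int(rec["sc-bytes"])))
    return rows

if __name__ == "__main__":
    for row in import_records(SAMPLE_LOG):
        print(row)
```

Because the filters run only at import time, records dropped here cannot be recovered from the database later; changing a setting requires clearing the DB and importing the log files again, as described above.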