I am using ISA logs to try and determine website statistics for a website on our server. The ISA logs keep track of everything coming through our firewall. i.e. mail, website traffic from our internal computers out to the internet as well as users hitting our 5 websites hosted on the same server.
I am getting confused as to which INCLUDE EXCLUDE commands I should be using. Ideally I would like to analyze one website at a time : www.usawaterquality.org <http://www.usawaterquality.org/> . I would like to get count of the number of hits this website it getting , who is hitting it while excluding the hits the website it getting from internal users. I am thinking I want to use the INCLUDE and EXCLUDE commands but I am not getting the expected results. Here are some lines of code. #Software: Microsoft Internet Security and Acceleration Server 2004 #Version: 2.0 #Date: 2007-04-27 00:00:00 #Fields: c-ip cs-username c-agent date time s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol s-operation cs-uri s-object-source sc-status rule FilterInfo cs-Network sc-Network error-info action 131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA - 131.128.1.53 131.128.1.53 80 1 364 218 http GET http://131.128.1.53/home/images/urilogo-sub.gif Inet 304 Internal to Internet - Internal External 0x180 Allowed 131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA - 131.128.1.53 131.128.1.53 80 1 362 218 http GET http://131.128.1.53/home/images/sub-visit.gif Inet 304 Internal to Internet - Internal External 0x180 Allowed 131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA - 131.128.1.53 131.128.1.53 80 1 362 218 http GET http://131.128.1.53/home/images/sub-pstud.gif Inet 304 Internal to Internet - Internal External 0x180 Allowed 131.128.90.36 anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) 2007-04-27 00:00:27 TORCHEMADA - 131.128.1.53 131.128.1.53 80 1 361 218 http GET http://131.128.1.53/home/images/sub-stud.gif Inet 304 Internal to Internet - Internal External 0x180 Allowed 74.6.87.40 anonymous Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) 2007-04-27 00:00:29 TORCHEMADA - www.usawaterquality.org 131.128.90.13 80 1 200 1065 http GET http://131.128.90.13/robots.txt Inet 200 www.usawaterquality.org - External - 0x500 Allowed 207.230.13.10 anonymous NewsAlloy/1.1 (http://www.NewsAlloy.com; 1 subscribers) 2007-04-27 00:00:30 TORCHEMADA - geospatial.uri.edu 131.128.90.30 80 1 203 15422 http GET http://131.128.90.30/rigis.xml Inet 200 geospatial.uri.edu - External - 0x400 Allowed 141.150.44.108 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MSN 9.0; MSNbVZ02; MSNmen-us; MSNcOTH; MPLUS) 2007-04-27 00:00:37 TORCHEMADA - www.edc.uri.edu 131.128.90.11 80 1 458 188 http GET http://131.128.90.11/restoration/html/gallery/images/birds/aplaty_b.jpg Inet 304 www.edc.uri.edu - External - 0x180 Allowed Thanks again for any help. Aimee
+------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.meer.net/mailman/listinfo/analog-help | | Analog Documentation: http://analog.cx/docs/Readme.html | List archives: http://www.analog.cx/docs/mailing.html#listarchives | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general +------------------------------------------------------------------------
