- Microsoft ISA Server
Here is a sample of the firewall log from Microsoft ISA Server 2004 (in W3C extended format). Note that when the W3C extended log format is used, event timestamps are recorded in Coordinated Universal Time (UTC), otherwise known as Greenwich Mean Time, so they have to be adjusted during analysis for the time zone you are in.
Here is a sample of the web proxy log from ISA Server 2004. It is in W3C extended format.
Here are log samples from ISA Server 2000
IP Packet Filter log in W3C Extended format
2006-11-16 00:04:45 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu bf 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 37
2006-11-16 00:04:46 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu c1 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 35
2006-11-16 00:04:48 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu c2 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 33
2006-11-16 00:04:49 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu ce 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 31
2006-11-16 00:04:51 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu cf 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 2f
2006-11-16 00:08:51 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e6 61 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 26
2006-11-16 00:08:52 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e7 97 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 24
2006-11-16 00:08:54 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e8 4f 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 22
2006-11-16 00:08:55 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e9 d1 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 20
2006-11-16 00:08:57 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e eb 4c 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 1e
2006-11-16 00:12:27 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 bd eb 40 44 74 06 51 ac 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01
2006-11-16 00:12:28 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 uj 0e 40 44 74 06 20 89 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01
2006-11-16 00:12:31 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 11 61 40 44 74 06 fe 36 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01
2006-11-16 00:12:37 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 57 15 40 44 74 06 b8 82 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01
2006-11-16 00:12:49 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 b5 69 40 44 74 06 5a 2e 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01
2006-11-16 00:13:12 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 58 ea 40 44 74 06 h9 yu 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01
2006-11-16 00:13:21 41.56.41.15 10.45.1.1 Tcp 80 24820 RST ACK BLOCKED 10.45.1.1 23 44 44 28 0f ca 40 44 74 06 ff d5 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 85 h9 7d 10 a3 50 14 44 44 a6 c1 44 00
2006-11-16 01:08:33 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5c 5c 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 9a
2006-11-16 01:08:34 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5c 7e 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 98
2006-11-16 01:08:36 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5c f7 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 96
2006-11-16 01:08:37 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5d 75 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 94
2006-11-16 01:08:39 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5d bc 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 92
2006-11-16 01:12:06 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 8f bc 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 87
2006-11-16 01:12:08 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 90 96 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 85
2006-11-16 01:12:09 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 91 bd 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 83
2006-11-16 01:12:11 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 91 e0 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 81
2006-11-16 01:12:12 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 92 11 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 7f
2006-11-16 02:12:43 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 63 b5 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f6
2006-11-16 02:12:45 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 63 e0 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f4
2006-11-16 02:12:46 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 64 17 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f2
2006-11-16 02:12:48 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 64 5d 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f0
2006-11-16 02:12:49 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 64 73 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 ee
Here is the ISA Server 2000 Firewall Log in ISA Server format
Here is a sample of the ISA Server 2000 web proxy log in W3C Extended format
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2006-11-16 00:00:01
#Fields: c-ip cs-username c-agent sc-authenticated date time s-svcname s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation cs-uri cs-mime-type s-object-source sc-status s-cache-info rule#1 rule#2
10.54.80.151 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:01 w3proxy ACME-PROXY - web.freemail.com - 80 - 992 3292 http TCP POST http://web.freemail.com/mail/channel/bind?at=3fed1555f6851887-10ee843eb7e&VER=2&SID=ABDB48E0D064E6E7&RID=83189&zx=f5lvq4-uftwvt&t=1 - - 407 - - -
10.54.80.151 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:01 w3proxy ACME-PROXY - web.freemail.com - 80 - 52 1980 http TCP POST http://web.freemail.com/mail/channel/bind?at=3fed1555f6851887-10ee843eb7e&VER=2&SID=ABDB48E0D064E6E7&RID=83189&zx=f5lvq4-uftwvt&t=1 - - 407 - - -
10.54.29.65 ACME\clmantock Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows Live Messenger 8.0.0812) Y 2006-11-16 00:00:02 w3proxy ACME-PROXY - 207.46.107.35 207.46.107.35 80 719 339 572 http TCP POST http://207.46.107.35/gateway/gateway.dll?Action=poll&SessionID=1035492081.13530 application/x-msn-messenger Inet 200 0x40000004 Internet Access Grant Access to all destinations
10.54.29.65 ACME\clmantock Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows Live Messenger 8.0.0812) Y 2006-11-16 00:00:03 w3proxy ACME-PROXY - 207.46.107.35 207.46.107.35 80 703 338 290 http TCP POST http://207.46.107.35/gateway/gateway.dll?Action=poll&SessionID=1035492081.1247 application/x-msn-messenger Inet 200 0x40000004 Internet Access Grant Access to all destinations
10.54.80.151 ACME\eflynn Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:03 w3proxy ACME-PROXY - web.freemail.com 72.14.205.17 80 2329 1666 342 http TCP POST http://web.freemail.com/mail/channel/bind?at=3fed1555f6851887-10ee843eb7e&VER=2&SID=ABDB48E0D064E6E7&RID=83189&zx=f5lvq4-uftwvt&t=1 text/html; charset=utf-8 Inet 200 0x42040004 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 16 414 155 http TCP GET http://www.c-spline.com/styles/style.css text/css NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 422 155 http TCP GET http://www.c-spline.com/images/searchcooper2.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 421 155 http TCP GET http://www.c-spline.com/images/searchcooper.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 420 155 http TCP GET http://www.c-spline.com/images/cooperhome2.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 418 155 http TCP GET http://www.c-spline.com/images/cooperhome.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 16 428 155 http TCP GET http://www.c-spline.com/images/cooper-connection_02.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 429 155 http TCP GET http://www.c-spline.com/images/cooper-connection_01.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 416 155 http TCP GET http://www.c-spline.com/images/logo_sm.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com 44.231.209.19 80 2453 271 16042 http TCP GET http://www.c-spline.com/euserc.asp text/html Inet 200 0x42020000 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 428 155 http TCP GET http://www.c-spline.com/images/Metering/Meterheader.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 433 155 http TCP GET http://www.c-spline.com/images/Cooperc-spline/cprbline211.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 432 155 http TCP GET http://www.c-spline.com/Include/headers/menu/milonic_src.js application/x-javascript NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 - 430 155 http TCP GET http://www.c-spline.com/Include/headers/menu/mmenudom.js application/x-javascript NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:04 w3proxy ACME-PROXY - www.c-spline.com - 80 16 423 155 http TCP GET http://www.c-spline.com/images/textbox_shadow.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:05 w3proxy ACME-PROXY - www.c-spline.com - 80 - 430 155 http TCP GET http://www.c-spline.com/Include/headers/menu/menu_data.js application/x-javascript NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:05 w3proxy ACME-PROXY - www.c-spline.com - 80 - 417 155 http TCP GET http://www.c-spline.com/images/whitend3.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:05 w3proxy ACME-PROXY - www.c-spline.com - 80 - 416 155 http TCP GET http://www.c-spline.com/images/bee-gray.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:05 w3proxy ACME-PROXY - www.c-spline.com - 80 - 415 155 http TCP GET http://www.c-spline.com/images/euserc.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.20.97 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Win32) N 2006-11-16 00:00:07 w3proxy ACME-PROXY - updaterservice.wildtangent.com - 80 - 1480 2846 http TCP POST http://updaterservice.wildtangent.com/updater/updatecheckin.wss - - 407 - - -
10.54.20.97 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Win32) N 2006-11-16 00:00:07 w3proxy ACME-PROXY - updaterservice.wildtangent.com - 80 - 1187 887 http TCP POST http://updaterservice.wildtangent.com/updater/updatecheckin.wss - - 407 - - -
10.54.20.97 ACME\capadonna Mozilla/4.0 (compatible; MSIE 6.0; Win32) Y 2006-11-16 00:00:07 w3proxy ACME-PROXY - - - - - 1716 - - TCP POST http://updaterservice.wildtangent.com/updater/updatecheckin.wss - - 12209 0x4 Internet Access Block unproductive websites
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:09 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 6453 4587 14623 http TCP POST http://145.27.59.156/campaign text/html Inet 200 0x40000004 Internet Access Grant Access to all destinations
10.54.70.45 anonymous Acrobat Messages Updater N 2006-11-16 00:00:09 w3proxy ACME-PROXY - rms.adobe.com - 80 - 224 2792 http TCP GET http://rms.adobe.com/read/0600/win_/ENU/read0600win_ENUadbe0000.xml - - 407 - - -
10.54.80.133 ACME\rgordon Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:10 w3proxy ACME-PROXY - b.web.freemail.com 66.102.11.189 80 241844 1483 1410 http TCP GET http://b.web.freemail.com/mail/channel/bind?at=d125f6cdf3da8331-10eebce9ebc&RID=rpc&SID=4E672078DDD815A7&CI=0&AID=1442&TYPE=html&zx=lr71ql-cphr5q&DOMAIN=web.freemail.com&t=1 text/html; charset=utf-8 Inet 200 0x42040001 Internet Access Grant Access to all destinations
10.54.80.133 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:10 w3proxy ACME-PROXY - b.web.freemail.com - 80 - 992 3093 http TCP GET http://b.web.freemail.com/mail/channel/bind?at=d125f6cdf3da8331-10eebce9ebc&RID=rpc&SID=4E672078DDD815A7&CI=0&AID=1451&TYPE=html&zx=3ie2qj-xmlylo&DOMAIN=web.freemail.com&t=1 - - 407 - - -
10.54.80.133 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:10 w3proxy ACME-PROXY - b.web.freemail.com - 80 - - 1837 http TCP GET http://b.web.freemail.com/mail/channel/bind?at=d125f6cdf3da8331-10eebce9ebc&RID=rpc&SID=4E672078DDD815A7&CI=0&AID=1451&TYPE=html&zx=3ie2qj-xmlylo&DOMAIN=web.freemail.com&t=1 - - 407 - - -
10.54.70.99 anonymous Acrobat Messages Updater N 2006-11-16 00:00:12 w3proxy ACME-PROXY - rms.adobe.com - 80 - 224 2792 http TCP GET http://rms.adobe.com/read/0600/win_/ENU/read0600win_ENUadbe0000.xml - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:12 w3proxy ACME-PROXY - 145.27.59.156 - 80 - 700 2846 http TCP GET http://145.27.59.156/campaign?jcid=1163599178318&redir=index.xxx?aid=campaign&&HH1=34&gg2=45&dd1=15&mm1=23&re1=2006&HH2=19&MM2=15&dd2=15&mm2=23&re2=2006&rcp=&name=Hope+6-510&desc=Hope+6-510&rtype=2&val=1&msg=Hope+6-510+return+to+service+%40+6%3A43pm+after+relay+disabled - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:12 w3proxy ACME-PROXY - 145.27.59.156 - 80 - - 1302 http TCP GET http://145.27.59.156/campaign?jcid=1163599178318&redir=index.xxx?aid=campaign&&HH1=34&gg2=45&dd1=15&mm1=23&re1=2006&HH2=19&MM2=15&dd2=15&mm2=23&re2=2006&rcp=&name=Hope+6-510&desc=Hope+6-510&rtype=2&val=1&msg=Hope+6-510+return+to+service+%40+6%3A43pm+after+relay+disabled - - 407 - - -
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:12 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 172 956 259 http TCP GET http://145.27.59.156/campaign?jcid=1163599178318&redir=index.xxx?aid=campaign&&HH1=34&gg2=45&dd1=15&mm1=23&re1=2006&HH2=19&MM2=15&dd2=15&mm2=23&re2=2006&rcp=&name=Hope+6-510&desc=Hope+6-510&rtype=2&val=1&msg=Hope+6-510+return+to+service+%40+6%3A43pm+aft - Inet 302 0x40000005 Internet Access Grant Access to all destinations
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:13 w3proxy ACME-PROXY - 145.27.59.156 - 80 - 465 2846 http TCP GET http://145.27.59.156/campaign/web/MCstyle.css - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:13 w3proxy ACME-PROXY - 145.27.59.156 - 80 - - 1067 http TCP GET http://145.27.59.156/campaign/web/MCstyle.css - - 407 - - -
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:13 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 422 721 172 http TCP GET http://145.27.59.156/campaign/web/MCstyle.css text/css VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:13 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 703 480 21834 http TCP GET http://145.27.59.156/index.xxx?aid=campaign&pg=2.0 text/html Inet 200 0x42000005 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:13 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 360 457 172 http TCP GET http://145.27.59.156/clientscripts.js text/javascript VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 442 155 http TCP GET http://www.c-spline.com/styles/style.css text/css NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 15 450 155 http TCP GET http://www.c-spline.com/images/searchcooper2.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 449 155 http TCP GET http://www.c-spline.com/images/searchcooper.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 448 155 http TCP GET http://www.c-spline.com/images/cooperhome2.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 446 155 http TCP GET http://www.c-spline.com/images/cooperhome.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 456 155 http TCP GET http://www.c-spline.com/images/cooper-connection_02.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 16 457 155 http TCP GET http://www.c-spline.com/images/cooper-connection_01.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 444 155 http TCP GET http://www.c-spline.com/images/logo_sm.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 16 445 155 http TCP GET http://www.c-spline.com/images/products.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 461 155 http TCP GET http://www.c-spline.com/images/Cooperc-spline/cprbline211.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 15 460 155 http TCP GET http://www.c-spline.com/Include/headers/menu/milonic_src.js application/x-javascript NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 451 155 http TCP GET http://www.c-spline.com/images/textbox_shadow.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 16 458 155 http TCP GET http://www.c-spline.com/Include/headers/menu/mmenudom.js application/x-javascript NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com 44.231.209.19 80 2641 347 24328 http TCP GET http://www.c-spline.com/product/SearchProduct/search.asp?id=11 text/html Inet 200 0x40020001 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 734 453 172 http TCP GET http://145.27.59.156/scriptLib.js text/javascript VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:14 w3proxy ACME-PROXY - www.c-spline.com - 80 - 458 155 http TCP GET http://www.c-spline.com/Include/headers/menu/menu_data.js application/x-javascript NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:15 w3proxy ACME-PROXY - www.c-spline.com - 80 - 445 155 http TCP GET http://www.c-spline.com/images/whitend3.gif image/gif NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:15 w3proxy ACME-PROXY - www.c-spline.com - 80 - 444 155 http TCP GET http://www.c-spline.com/images/bee-gray.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.30.132 ACME\rross Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) Y 2006-11-16 00:00:15 w3proxy ACME-PROXY - www.c-spline.com - 80 16 446 155 http TCP GET http://www.c-spline.com/images/blinelogo.jpg image/jpeg NotModified 0 0x1002 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 609 450 172 http TCP GET http://145.27.59.156/common.js text/javascript VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 360 452 172 http TCP GET http://145.27.59.156/cssarrays.js text/javascript VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 - 80 - 456 2846 http TCP GET http://145.27.59.156/printstyles.css - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 - 80 - - 3319 http TCP GET http://145.27.59.156/images/Top_closed_arrow_down.gif - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 - 80 - - 3304 http TCP GET http://145.27.59.156/images/nav_02l.gif - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 - 80 - - 3304 http TCP GET http://145.27.59.156/images/nav_03l.gif - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 - 80 - - 3304 http TCP GET http://145.27.59.156/images/cleardot.gif - - 407 - - -
10.54.35.2 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2006-11-16 00:00:15 w3proxy ACME-PROXY - 145.27.59.156 - 80 - - 1058 http TCP GET http://145.27.59.156/printstyles.css - - 407 - - -
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:16 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 437 450 172 http TCP GET http://145.27.59.156/navpad.css text/css VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:16 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 546 712 172 http TCP GET http://145.27.59.156/printstyles.css text/css VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:16 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 156 456 172 http TCP GET http://145.27.59.156/images/nav_06.gif image/gif VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:16 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 282 456 172 http TCP GET http://145.27.59.156/images/navgo.gif image/gif VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:16 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 266 456 172 http TCP GET http://145.27.59.156/images/nav_13.gif image/gif VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:16 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 453 456 172 http TCP GET http://145.27.59.156/images/nav_14.gif image/gif VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:16 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 453 577 172 http TCP GET http://145.27.59.156/images/Top_closed_arrow_down.gif image/gif VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:17 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 453 458 172 http TCP GET http://145.27.59.156/images/nav_01.gif image/gif VCache 304 0x1006 Internet Access Grant Access to all destinations
10.54.35.2 ACME\hizzo Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2006-11-16 00:00:17 w3proxy ACME-PROXY - 145.27.59.156 145.27.59.156 80 484 458 172 http TCP GET http://145.27.59.156/images/cw_logo.gif image/gif VCache 304 0x1006 Internet Access Grant Access to all destinations
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 890 160 - http TCP GET http://i.framp.com/images/global/brand/icons/viewlarger.gif image/gif VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 906 160 - http TCP GET http://i.framp.com/images/global/brand/title/fragsolid2.gif image/gif VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 891 155 - http TCP GET http://i.framp.com/images/global/masthead/nav_down.gif image/gif VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 906 158 - http TCP GET http://i.framp.com/images/global/masthead/activetabbg.jpg image/jpeg VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 906 170 - http TCP GET http://i.framp.com/images/global/masthead/inactivetab_rightcorner.jpg image/jpeg VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 906 168 - http TCP GET http://i.framp.com/images/global/masthead/activetab_rightcorner.jpg image/jpeg VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 921 148 - http TCP GET http://i.framp.com/images/global/general/oo.gif image/gif VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 921 160 - http TCP GET http://i.framp.com/images/global/masthead/inactivetabbg.jpg image/jpeg VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 921 155 - http TCP GET http://i.framp.com/images/global/masthead/mdabarbg.jpg image/jpeg VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.177 80 906 169 - http TCP GET http://i.framp.com/images/global/masthead/inactivetab_leftcorner.jpg image/jpeg VCache 304 0xa00000 - -
- - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N 2006-11-16 00:00:17 w3proxy ACME-PROXY - i.framp.com 67.45.248.182 80 921 158 - http TCP GET http://i.framp.com/images/global/masthead/smlflags/jm.gif image/gif VCache 304 0xa00000 - -
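The following parser for the ISA Server 2000 web proxy layout above is an added example, not code from this page or from Microsoft. It assumes the file on disk is tab-delimited and falls back to a regular expression for records whose tabs have been flattened to spaces, as in the listing above; it treats status 12209 as a denial only because the sample pairs it with the "Block unproductive websites" rule. The records, the helper names and the UTC-5 offset are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

FIELDS_LINE = ("#Fields: c-ip cs-username c-agent sc-authenticated date time "
               "s-svcname s-computername cs-referred r-host r-ip r-port "
               "time-taken cs-bytes sc-bytes cs-protocol cs-transport "
               "s-operation cs-uri cs-mime-type s-object-source sc-status "
               "s-cache-info rule#1 rule#2")

# Constructed records (invented hosts, users, URLs) in the layout shown above.
SAMPLE = [
    "#Software: Microsoft(R) Internet Security and Acceleration Server 2000",
    FIELDS_LINE,
    "10.0.0.5 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N "
    "2006-11-16 00:00:01 w3proxy EXAMPLE-PROXY - mail.example.test - 80 - 992 "
    "3292 http TCP POST http://mail.example.test/bind?t=1 - - 407 - - -",
    "10.0.0.5 EXAMPLE\\alice Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y "
    "2006-11-16 00:00:03 w3proxy EXAMPLE-PROXY - mail.example.test 192.0.2.17 80 "
    "2329 1666 342 http TCP POST http://mail.example.test/bind?t=1 "
    "text/html; charset=utf-8 Inet 200 0x42040004 Internet Access "
    "Grant Access to all destinations",
    "10.0.0.9 EXAMPLE\\bob Mozilla/4.0 (compatible; MSIE 6.0; Win32) Y "
    "2006-11-16 00:00:07 w3proxy EXAMPLE-PROXY - - - - - 1716 - - TCP POST "
    "http://updates.example.test/checkin - - 12209 0x4 Internet Access "
    "Block unproductive websites",
]

# Fallback for space-flattened records. c-agent and cs-mime-type may contain
# spaces, so the match is anchored on the Y/N flag plus date and time, and on
# the numeric status plus cache-info pair. rule#1 and rule#2 cannot be told
# apart once the tabs are gone, so they are kept together as "rules".
FLAT = re.compile(
    r"^(?P<c_ip>\S+) (?P<cs_username>\S+) (?P<c_agent>.*?) "
    r"(?P<sc_authenticated>[YN]) (?P<date>\d{4}-\d\d-\d\d) "
    r"(?P<time>\d\d:\d\d:\d\d) (?P<s_svcname>\S+) (?P<s_computername>\S+) "
    r"(?P<cs_referred>\S+) (?P<r_host>\S+) (?P<r_ip>\S+) (?P<r_port>\S+) "
    r"(?P<time_taken>\S+) (?P<cs_bytes>\S+) (?P<sc_bytes>\S+) "
    r"(?P<cs_protocol>\S+) (?P<cs_transport>\S+) (?P<s_operation>\S+) "
    r"(?P<cs_uri>\S+) (?P<cs_mime_type>.*?) (?P<s_object_source>\S+) "
    r"(?P<sc_status>\d+|-) (?P<s_cache_info>0x[0-9a-fA-F]+|\d+|-) (?P<rules>.*)$")


def norm(name):
    """Turn a #Fields name such as 'c-ip' or 'rule#1' into a dict key."""
    return name.replace("-", "_").replace("#", "")


def parse_log(lines):
    """Return (records, rejected); rejected holds lines that did not parse."""
    fields, records, rejected = [], [], []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = [norm(f) for f in line.split()[1:]]
        if line.startswith("#") or not line.strip():
            continue
        rec = None
        if "\t" in line:                      # assumed on-disk layout
            values = line.split("\t")
            if len(values) == len(fields):
                rec = dict(zip(fields, values))
                rec["rules"] = rec.pop("rule1", "-") + " " + rec.pop("rule2", "-")
        else:                                 # flattened copy, as on this page
            m = FLAT.match(line)
            rec = m.groupdict() if m else None
        try:
            stamp = datetime.strptime(rec["date"] + " " + rec["time"],
                                      "%Y-%m-%d %H:%M:%S")
        except (TypeError, KeyError, ValueError):
            rejected.append(line)             # corrupt or truncated record
            continue
        rec["utc"] = stamp.replace(tzinfo=timezone.utc)  # W3C times are UTC
        records.append(rec)
    return records, rejected


def to_local(rec, offset_hours):
    """Shift a record's UTC timestamp to a fixed-offset local zone."""
    return rec["utc"].astimezone(timezone(timedelta(hours=offset_hours)))


def summarise(records):
    """Count 407 challenges per client and list denied requests."""
    challenges, denied = Counter(), []
    for r in records:
        if r["sc_status"] == "407":
            challenges[r["c_ip"]] += 1
        elif r["sc_status"] == "12209":       # assumption: denial, see lead-in
            denied.append((r["utc"], r["cs_username"], r["cs_uri"], r["rules"]))
    return challenges, denied


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE)
    challenges, denied = summarise(recs)
    print(len(recs), "parsed,", len(bad), "rejected")
    print("407 challenges per client:", dict(challenges))
    for when, user, uri, rules in denied:
        print("denied:", user, uri, "|", rules)
    print("first event, UTC-5:", to_local(recs[0], -5).isoformat())
```

In the sample above, each anonymous 407 record followed by an authenticated record for the same URL is the normal proxy authentication challenge, so a count of 407s is only meaningful relative to a client's authenticated traffic.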
A description of the fields in the ISA Server 2000 version log files can be found at this site.
A description of the fields in the ISA Server 2004 log files can be found `at this site <http://msdn2.microsoft.com/en-us/library/aa503237.aspx>`_.
Other general information about ISA Server and ISA Server logs can be found at the following links:
Official Microsoft site for ISA Server 2000
Official Microsoft site for ISA Server 2004
Official Microsoft site for ISA Server 2006
Microsoft ISA Server Firewall Resource Site: Articles and Tutorials
`ISA Server 2000 Alerts, Reports and Logs FAQ <http://www.microsoft.com/technet/isa/2000/maintain/isafaqra.mspx>`_
Configuring ISA Server 2000 log files
How to Configure Logging in ISA Server 2000
ISA Server 2000 Monitoring Concepts: Logging
ISA Server 2000 Packet Filtering
About the ISA Server 2000 Firewall
ISA Server 2004 best practices: Logging
Description of the time format used in ISA Server 2004 logs
ISA Server 2004 Monitoring Concepts: Logs
ISA Server 2004 Log Code Values