Microsoft ISA Server

Here is a sample of the firewall log from Microsoft ISA Server 2004 (in W3c extended format). Note that when the W3C extended log format is used, the times stamped on events are in Coordinated Universal Time (UTC) otherwise known as Greenwich Mean Time. So adjustments would have to be made during analysis for the particular time zone you are in.

Here is a sample of the web proxy log from ISA Server 2004. It is in W3C extended format.

Here are log samples from ISA Server 2000

IP Packet Filter log in W3C Extended format

2006-11-16 00:04:45 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu bf 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 37 2006-11-16 00:04:46 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu c1 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 35 2006-11-16 00:04:48 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu c2 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 33 2006-11-16 00:04:49 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu ce 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 31 2006-11-16 00:04:51 10.45.1.1 10.45.2.4 Udp 1675 137 - BLOCKED 10.45.1.1 23 44 44 4e yu cf 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8b 44 89 44 3a 82 2f 2006-11-16 00:08:51 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e6 61 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 26 2006-11-16 00:08:52 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e7 97 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 24 2006-11-16 00:08:54 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e8 4f 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 22 2006-11-16 00:08:55 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e e9 d1 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 20 2006-11-16 00:08:57 10.45.1.1 10.45.2.4 Udp 1676 137 - BLOCKED 10.45.1.1 23 44 44 4e eb 4c 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 4g 44 89 44 3a 82 1e 2006-11-16 00:12:27 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 bd eb 40 44 74 06 51 ac 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01 2006-11-16 00:12:28 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 uj 0e 40 44 74 06 20 89 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01 2006-11-16 00:12:31 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 11 61 40 44 74 06 fe 36 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01 2006-11-16 00:12:37 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 57 15 40 44 74 06 b8 82 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01 2006-11-16 00:12:49 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 b5 69 40 44 74 06 5a 2e 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01 2006-11-16 00:13:12 41.56.41.15 10.45.1.1 Tcp 80 24820 SYN ACK BLOCKED 10.45.1.1 23 44 44 30 58 ea 40 44 74 06 h9 yu 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 84 h9 7d 10 a3 70 12 18 44 62 51 44 44 02 04 05 64 04 02 01 01 2006-11-16 00:13:21 41.56.41.15 10.45.1.1 Tcp 80 24820 RST ACK BLOCKED 10.45.1.1 23 44 44 28 0f ca 40 44 74 06 ff d5 0c 78 29 0f c0 a8 01 01 44 50 60 f4 ec f3 fc 85 h9 7d 10 a3 50 14 44 44 a6 c1 44 00 2006-11-16 01:08:33 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5c 5c 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 9a 2006-11-16 01:08:34 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5c 7e 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 98 2006-11-16 01:08:36 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5c f7 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 96 2006-11-16 01:08:37 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5d 75 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 94 2006-11-16 01:08:39 10.45.1.1 10.45.2.4 Udp 1677 137 - BLOCKED 10.45.1.1 23 44 44 4e 5d bc 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8d 44 89 44 3a 81 92 2006-11-16 01:12:06 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 8f bc 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 87 2006-11-16 01:12:08 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 90 96 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 85 2006-11-16 01:12:09 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 91 bd 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 83 2006-11-16 01:12:11 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 91 e0 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 81 2006-11-16 01:12:12 10.45.1.1 10.45.2.4 Udp 1678 137 - BLOCKED 10.45.1.1 23 44 44 4e 92 11 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8e 44 89 44 3a 81 7f 2006-11-16 02:12:43 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 63 b5 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f6 2006-11-16 02:12:45 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 63 e0 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f4 2006-11-16 02:12:46 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 64 17 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f2 2006-11-16 02:12:48 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 64 5d 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 f0 2006-11-16 02:12:49 10.45.1.1 10.45.2.4 Udp 1679 137 - BLOCKED 10.45.1.1 23 44 44 4e 64 73 44 44 80 11 44 44 c0 a8 01 01 c0 a8 02 04 06 8f 44 89 44 3a 80 ee

Here is the ISA Server 2000 Firewall Log in ISA Server format

Here is a sample of the ISA Server 2000 web proxy log in W3C Extended format

#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2006-11-16 00:00:01
#Fields: c-ip cs-username     c-agent sc-authenticated        date    time    s-svcname       s-computername  cs-referred     r-host  r-ip    r-port  time-taken      cs-bytes        sc-bytes        cs-protocol     cs-transport    s-operation     cs-uri  cs-mime-type    s-object-source sc-status       s-cache-info    rule#1  rule#2
10.54.80.151  anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:01        w3proxy ACME-PROXY      -       web.freemail.com        -       80      -       992     3292    http    TCP     POST    http://web.freemail.com/mail/channel/bind?at=3fed1555f6851887-10ee843eb7e&VER=2&SID=ABDB48E0D064E6E7&RID=83189&zx=f5lvq4-uftwvt&t=1     -       -       407     -       -       -
10.54.80.151  anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:01        w3proxy ACME-PROXY      -       web.freemail.com        -       80      -       52      1980    http    TCP     POST    http://web.freemail.com/mail/channel/bind?at=3fed1555f6851887-10ee843eb7e&VER=2&SID=ABDB48E0D064E6E7&RID=83189&zx=f5lvq4-uftwvt&t=1     -       -       407     -       -       -
10.54.29.65   ACME\clmantock  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows Live Messenger 8.0.0812) Y       2006-11-16      00:00:02        w3proxy ACME-PROXY      -       207.46.107.35   207.46.107.35   80      719     339     572     http    TCP     POST    http://207.46.107.35/gateway/gateway.dll?Action=poll&SessionID=1035492081.13530 application/x-msn-messenger     Inet    200     0x40000004      Internet Access Grant Access to all destinations
10.54.29.65   ACME\clmantock  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows Live Messenger 8.0.0812) Y       2006-11-16      00:00:03        w3proxy ACME-PROXY      -       207.46.107.35   207.46.107.35   80      703     338     290     http    TCP     POST    http://207.46.107.35/gateway/gateway.dll?Action=poll&SessionID=1035492081.1247  application/x-msn-messenger     Inet    200     0x40000004      Internet Access Grant Access to all destinations
10.54.80.151  ACME\eflynn     Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:03        w3proxy ACME-PROXY      -       web.freemail.com        72.14.205.17    80      2329    1666    342     http    TCP     POST    http://web.freemail.com/mail/channel/bind?at=3fed1555f6851887-10ee843eb7e&VER=2&SID=ABDB48E0D064E6E7&RID=83189&zx=f5lvq4-uftwvt&t=1     text/html; charset=utf-8        Inet    200     0x42040004      Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      16      414     155     http    TCP     GET     http://www.c-spline.com/styles/style.css        text/css        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       422     155     http    TCP     GET     http://www.c-spline.com/images/searchcooper2.gif        image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       421     155     http    TCP     GET     http://www.c-spline.com/images/searchcooper.gif image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       420     155     http    TCP     GET     http://www.c-spline.com/images/cooperhome2.gif  image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       418     155     http    TCP     GET     http://www.c-spline.com/images/cooperhome.gif   image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      16      428     155     http    TCP     GET     http://www.c-spline.com/images/cooper-connection_02.gif image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       429     155     http    TCP     GET     http://www.c-spline.com/images/cooper-connection_01.gif image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       416     155     http    TCP     GET     http://www.c-spline.com/images/logo_sm.gif      image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        44.231.209.19   80      2453    271     16042   http    TCP     GET     http://www.c-spline.com/euserc.asp      text/html       Inet    200     0x42020000      Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       428     155     http    TCP     GET     http://www.c-spline.com/images/Metering/Meterheader.jpg image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       433     155     http    TCP     GET     http://www.c-spline.com/images/Cooperc-spline/cprbline211.jpg   image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       432     155     http    TCP     GET     http://www.c-spline.com/Include/headers/menu/milonic_src.js     application/x-javascript        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       430     155     http    TCP     GET     http://www.c-spline.com/Include/headers/menu/mmenudom.js        application/x-javascript        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:04        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      16      423     155     http    TCP     GET     http://www.c-spline.com/images/textbox_shadow.gif       image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:05        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       430     155     http    TCP     GET     http://www.c-spline.com/Include/headers/menu/menu_data.js       application/x-javascript        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:05        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       417     155     http    TCP     GET     http://www.c-spline.com/images/whitend3.gif     image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:05        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       416     155     http    TCP     GET     http://www.c-spline.com/images/bee-gray.jpg     image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:05        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       415     155     http    TCP     GET     http://www.c-spline.com/images/euserc.jpg       image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.20.97   anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Win32)       N       2006-11-16      00:00:07        w3proxy ACME-PROXY      -       updaterservice.wildtangent.com  -       80      -       1480    2846    http    TCP     POST    http://updaterservice.wildtangent.com/updater/updatecheckin.wss -       -       407     -       -       -
10.54.20.97   anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Win32)       N       2006-11-16      00:00:07        w3proxy ACME-PROXY      -       updaterservice.wildtangent.com  -       80      -       1187    887     http    TCP     POST    http://updaterservice.wildtangent.com/updater/updatecheckin.wss -       -       407     -       -       -
10.54.20.97   ACME\capadonna  Mozilla/4.0 (compatible; MSIE 6.0; Win32)       Y       2006-11-16      00:00:07        w3proxy ACME-PROXY      -       -       -       -       -       1716    -       -       TCP     POST    http://updaterservice.wildtangent.com/updater/updatecheckin.wss -       -       12209   0x4     Internet Access Block unproductive websites
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:09        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      6453    4587    14623   http    TCP     POST    http://145.27.59.156/campaign   text/html       Inet    200     0x40000004      Internet Access Grant Access to all destinations
10.54.70.45   anonymous       Acrobat Messages Updater        N       2006-11-16      00:00:09        w3proxy ACME-PROXY      -       rms.adobe.com   -       80      -       224     2792    http    TCP     GET     http://rms.adobe.com/read/0600/win_/ENU/read0600win_ENUadbe0000.xml     -       -       407     -       -       -
10.54.80.133  ACME\rgordon    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:10        w3proxy ACME-PROXY      -       b.web.freemail.com      66.102.11.189   80      241844  1483    1410    http    TCP     GET     http://b.web.freemail.com/mail/channel/bind?at=d125f6cdf3da8331-10eebce9ebc&RID=rpc&SID=4E672078DDD815A7&CI=0&AID=1442&TYPE=html&zx=lr71ql-cphr5q&DOMAIN=web.freemail.com&t=1   text/html; charset=utf-8        Inet    200     0x42040001      Internet Access Grant Access to all destinations
10.54.80.133  anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:10        w3proxy ACME-PROXY      -       b.web.freemail.com      -       80      -       992     3093    http    TCP     GET     http://b.web.freemail.com/mail/channel/bind?at=d125f6cdf3da8331-10eebce9ebc&RID=rpc&SID=4E672078DDD815A7&CI=0&AID=1451&TYPE=html&zx=3ie2qj-xmlylo&DOMAIN=web.freemail.com&t=1   -       -       407     -       -       -
10.54.80.133  anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:10        w3proxy ACME-PROXY      -       b.web.freemail.com      -       80      -       -       1837    http    TCP     GET     http://b.web.freemail.com/mail/channel/bind?at=d125f6cdf3da8331-10eebce9ebc&RID=rpc&SID=4E672078DDD815A7&CI=0&AID=1451&TYPE=html&zx=3ie2qj-xmlylo&DOMAIN=web.freemail.com&t=1   -       -       407     -       -       -
10.54.70.99   anonymous       Acrobat Messages Updater        N       2006-11-16      00:00:12        w3proxy ACME-PROXY      -       rms.adobe.com   -       80      -       224     2792    http    TCP     GET     http://rms.adobe.com/read/0600/win_/ENU/read0600win_ENUadbe0000.xml     -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:12        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       700     2846    http    TCP     GET     http://145.27.59.156/campaign?jcid=1163599178318&redir=index.xxx?aid=campaign&&HH1=34&gg2=45&dd1=15&mm1=23&re1=2006&HH2=19&MM2=15&dd2=15&mm2=23&re2=2006&rcp=&name=Hope+6-510&desc=Hope+6-510&rtype=2&val=1&msg=Hope+6-510+return+to+service+%40+6%3A43pm+after+relay+disabled  -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:12        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       -       1302    http    TCP     GET     http://145.27.59.156/campaign?jcid=1163599178318&redir=index.xxx?aid=campaign&&HH1=34&gg2=45&dd1=15&mm1=23&re1=2006&HH2=19&MM2=15&dd2=15&mm2=23&re2=2006&rcp=&name=Hope+6-510&desc=Hope+6-510&rtype=2&val=1&msg=Hope+6-510+return+to+service+%40+6%3A43pm+after+relay+disabled  -       -       407     -       -       -
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:12        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      172     956     259     http    TCP     GET     http://145.27.59.156/campaign?jcid=1163599178318&redir=index.xxx?aid=campaign&&HH1=34&gg2=45&dd1=15&mm1=23&re1=2006&HH2=19&MM2=15&dd2=15&mm2=23&re2=2006&rcp=&name=Hope+6-510&desc=Hope+6-510&rtype=2&val=1&msg=Hope+6-510+return+to+service+%40+6%3A43pm+aft   -       Inet    302     0x40000005      Internet Access Grant Access to all destinations
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:13        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       465     2846    http    TCP     GET     http://145.27.59.156/campaign/web/MCstyle.css   -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:13        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       -       1067    http    TCP     GET     http://145.27.59.156/campaign/web/MCstyle.css   -       -       407     -       -       -
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:13        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      422     721     172     http    TCP     GET     http://145.27.59.156/campaign/web/MCstyle.css   text/css        VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:13        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      703     480     21834   http    TCP     GET     http://145.27.59.156/index.xxx?aid=campaign&pg=2.0      text/html       Inet    200     0x42000005      Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:13        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      360     457     172     http    TCP     GET     http://145.27.59.156/clientscripts.js   text/javascript VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       442     155     http    TCP     GET     http://www.c-spline.com/styles/style.css        text/css        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      15      450     155     http    TCP     GET     http://www.c-spline.com/images/searchcooper2.gif        image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       449     155     http    TCP     GET     http://www.c-spline.com/images/searchcooper.gif image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       20081.6-11-16   00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       448     155     http    TCP     GET     http://www.c-spline.com/images/cooperhome2.gif  image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       446     155     http    TCP     GET     http://www.c-spline.com/images/cooperhome.gif   image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       456     155     http    TCP     GET     http://www.c-spline.com/images/cooper-connection_02.gif image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      16      457     155     http    TCP     GET     http://www.c-spline.com/images/cooper-connection_01.gif image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       444     155     http    TCP     GET     http://www.c-spline.com/images/logo_sm.gif      image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      16      445     155     http    TCP     GET     http://www.c-spline.com/images/products.jpg     image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       461     155     http    TCP     GET     http://www.c-spline.com/images/Cooperc-spline/cprbline211.jpg   image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      15      460     155     http    TCP     GET     http://www.c-spline.com/Include/headers/menu/milonic_src.js     application/x-javascript        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       451     155     http    TCP     GET     http://www.c-spline.com/images/textbox_shadow.gif       image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      16      458     155     http    TCP     GET     http://www.c-spline.com/Include/headers/menu/mmenudom.js        application/x-javascript        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        44.231.209.19   80      2641    347     24328   http    TCP     GET     http://www.c-spline.com/product/SearchProduct/search.asp?id=11  text/html       Inet    200     0x40020001      Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      734     453     172     http    TCP     GET     http://145.27.59.156/scriptLib.js       text/javascript VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:14        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       458     155     http    TCP     GET     http://www.c-spline.com/Include/headers/menu/menu_data.js       application/x-javascript        NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       445     155     http    TCP     GET     http://www.c-spline.com/images/whitend3.gif     image/gif       NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      -       444     155     http    TCP     GET     http://www.c-spline.com/images/bee-gray.jpg     image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.30.132  ACME\rross      Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)   Y       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       www.c-spline.com        -       80      16      446     155     http    TCP     GET     http://www.c-spline.com/images/blinelogo.jpg    image/jpeg      NotModified     0       0x1002  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      609     450     172     http    TCP     GET     http://145.27.59.156/common.js  text/javascript VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      360     452     172     http    TCP     GET     http://145.27.59.156/cssarrays.js       text/javascript VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       456     2846    http    TCP     GET     http://145.27.59.156/printstyles.css    -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       -       3319    http    TCP     GET     http://145.27.59.156/images/Top_closed_arrow_down.gif   -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       -       3304    http    TCP     GET     http://145.27.59.156/images/nav_02l.gif -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       -       3304    http    TCP     GET     http://145.27.59.156/images/nav_03l.gif -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       -       3304    http    TCP     GET     http://145.27.59.156/images/cleardot.gif        -       -       407     -       -       -
10.54.35.2    anonymous       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      N       2006-11-16      00:00:15        w3proxy ACME-PROXY      -       145.27.59.156   -       80      -       -       1058    http    TCP     GET     http://145.27.59.156/printstyles.css    -       -       407     -       -       -
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:16        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      437     450     172     http    TCP     GET     http://145.27.59.156/navpad.css text/css        VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:16        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      546     712     172     http    TCP     GET     http://145.27.59.156/printstyles.css    text/css        VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:16        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      156     456     172     http    TCP     GET     http://145.27.59.156/images/nav_06.gif  image/gif       VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:16        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      282     456     172     http    TCP     GET     http://145.27.59.156/images/navgo.gif   image/gif       VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:16        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      266     456     172     http    TCP     GET     http://145.27.59.156/images/nav_13.gif  image/gif       VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:16        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      453     456     172     http    TCP     GET     http://145.27.59.156/images/nav_14.gif  image/gif       VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:16        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      453     577     172     http    TCP     GET     http://145.27.59.156/images/Top_closed_arrow_down.gif   image/gif       VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      453     458     172     http    TCP     GET     http://145.27.59.156/images/nav_01.gif  image/gif       VCache  304     0x1006  Internet Access Grant Access to all destinations
10.54.35.2    ACME\hizzo      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)      Y       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       145.27.59.156   145.27.59.156   80      484     458     172     http    TCP     GET     http://145.27.59.156/images/cw_logo.gif image/gif       VCache  304     0x1006  Internet Access Grant Access to all destinations
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      890     160     -       http    TCP     GET     http://i.framp.com/images/global/brand/icons/viewlarger.gif     image/gif       VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      906     160     -       http    TCP     GET     http://i.framp.com/images/global/brand/title/fragsolid2.gif     image/gif       VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      891     155     -       http    TCP     GET     http://i.framp.com/images/global/masthead/nav_down.gif  image/gif       VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      906     158     -       http    TCP     GET     http://i.framp.com/images/global/masthead/activetabbg.jpg       image/jpeg      VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      906     170     -       http    TCP     GET     http://i.framp.com/images/global/masthead/inactivetab_rightcorner.jpg   image/jpeg      VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      906     168     -       http    TCP     GET     http://i.framp.com/images/global/masthead/activetab_rightcorner.jpg     image/jpeg      VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      921     148     -       http    TCP     GET     http://i.framp.com/images/global/general/oo.gif image/gif       VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      921     160     -       http    TCP     GET     http://i.framp.com/images/global/masthead/inactivetabbg.jpg     image/jpeg      VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      921     155     -       http    TCP     GET     http://i.framp.com/images/global/masthead/mdabarbg.jpg  image/jpeg      VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.177   80      906     169     -       http    TCP     GET     http://i.framp.com/images/global/masthead/inactivetab_leftcorner.jpg    image/jpeg      VCache  304     0xa00000        -       -
-     -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Active Cache Request N       2006-11-16      00:00:17        w3proxy ACME-PROXY      -       i.framp.com     67.45.248.182   80      921     158     -       http    TCP     GET     http://i.framp.com/images/global/masthead/smlflags/jm.gif       image/gif       VCache  304     0xa00000        -       -

A description of the fields in the ISA Server 2000 version log files can be found at this site.

A description of the fields in the ISA Server 2004 log files can be found `at this site.http://msdn2.microsoft.com/en-us/library/aa503237.aspx>`_

Other general information about ISA Server and ISA Server logs can be found at the following links:

Official Microsoft site for ISA Server 2000

Official Microsoft site for ISA Server 2004

Official Microsoft site for ISA Server 2006

Microsoft ISA Server Firewall Resource Site: Articles and Tutorials

` ISA Server 2000 Alerts, Reports and Logs FAQ <http://www.microsoft.com/technet/isa/2000/maintain/isafaqra.mspx>`_

Configuring ISA Server 2000 log files

How to Configure Logging in ISA Server 2000

ISA Server 2000 Monitoring Concepts: Logging

ISA Server 2000 Packet Filtering

About the ISA Server 2000 Firewall

ISA Server 2004 best practices: Logging

Description of the time format used in ISA Server 2004 logs

ISA Server 2004 Monitoring Concepts:Logs

ISA Server 2004 Log Code Values

Understanding ISA Server 2004 Monitoring

ISA Server 2006 Logging Fields and Values