New Home for Loggerythm

May 21, 2006

I have decided to shut down the Loggerythm site at http://www.loggerythm.com and move everything here. The reason is simple: trying to keep more than one web site up to date is a major pain. Also, you have a means to contact me directly on this site by using the "contact us" link rather than through email; I rarely read the mailbox for Loggerythm as it is 99.99% spam and just not worth my time. So, there is nothing new here, just the same software on a different site, but this might encourage me to start it up again.

Loggerythm is a log analysis program that supports Microsoft ISA Server 2000 – Web proxy logs in EXTENDED and STANDARD format (including reverse proxy analysis), Firewall and IP logs, and Exchange 5.5 and Exchange 2000 Internet mail. It also supports ISA 2004 if you log to good old text files.

Please use the links on the left to go to the new documentation home and to the download page.  You can download from here.

Quick start instructions follow. Please note there is no GUI for this program; you run it from the command line, so it can be scheduled quite easily.

Loggerythm Log Analyser

Getting it to work


For reverse proxy reporting you MUST be logging the Service name (s-svcname) field OR set your inside IPs: one or the other, or both.

Service name (s-svcname): the name of the service that is logged, which can be:

  • w3proxy indicates outgoing Web requests to the Web Proxy service.
  • fwsrv indicates Firewall service.
  • w3reverseproxy indicates incoming Web requests to the Web Proxy service.

Then to set up Loggerythm, follow these steps.

1) Edit the config file with a text editor (Notepad will do) and set up a profile. You can just modify the existing one called [isaweb_server1] if you want. In the example below, the only things you will need to change are db_path, which must point to where your logs are, and html_path, which must point to where you want your output to go. html_path must be a valid existing path; the program will not create directories if they don't exist. NO TRAILING BACKSLASHES PLEASE.

2) Optional – Add your inside IP address ranges following the example given. The only wildcard character you can use is the star (*). If you really don't care about the program NOT counting activity inside the firewall, just leave this blank.

3) For GMT hours, take your time zone, be it plus or minus GMT / UTC, and work out the difference in seconds, i.e. for me it is UTC +11, so it's 11 x 60 x 60 = 39600. You need this because ISA logs in GMT time; if we don't correct for it, your usage peaks show up in the wrong place, in my case at mid-evening instead of mid-morning.

4) Set a valid report period, which can be lastday, lastweek, last2weeks, last3weeks, lastmonth, or all.

[isaweb]
logtype=isawebext
filespec=webextd*.log
db_path=d:\logs\isalogs
html_path=C:\Output\ISAWeb
dolookups=0
cost_kb=0
tablerows=25
insideips=172.17.*,172.18.*,192.168.*
DateSeparator=-
LogDateFormat=yyyy/mm/dd
defaultfilename=index.html
GMThours=39600
ReportPeriod=lastweek
iptowatch=
usertowatch=
ignore_anon=
userdetail=1
userdetailrows=10
 

**Do not change Date Separator, log date format will be correct in 99% of default setups.
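
A pre-flight check for a profile like the one above, covering the rules in steps 1 to 4 (added example, not part of Loggerythm or the original post). The sample profile is constructed, the function names are hypothetical, and the wildcard matching in ip_is_inside is an assumption about how the program treats the star.

```python
import configparser
import re

VALID_PERIODS = {"lastday", "lastweek", "last2weeks", "last3weeks", "lastmonth", "all"}

# Constructed profile based on the [isaweb] example, with three deliberate mistakes.
SAMPLE = r"""
[isaweb]
db_path=d:\logs\isalogs\
html_path=C:\Output\ISAWeb
insideips=172.17.*,172.18.*,192.168.?
GMThours=11
ReportPeriod=lastweek
"""

def gmt_seconds(utc_offset_hours):
    """Step 3: convert a UTC offset in hours to the seconds value for GMThours."""
    return int(utc_offset_hours * 60 * 60)

def ip_is_inside(ip, patterns):
    """Assumed matching rule: '*' stands for any run of characters, nothing else is special."""
    return any(re.fullmatch(re.escape(p).replace(r"\*", ".*"), ip) for p in patterns)

def lint_profile(text, section):
    """Return the problems found in one profile, in the order of steps 1 to 4."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    prof = cp[section]  # option names are case-insensitive here
    problems = []
    for key in ("db_path", "html_path"):  # step 1: no trailing backslashes
        if prof.get(key, "").endswith("\\"):
            problems.append(f"{key}: trailing backslash")
    for pat in filter(None, prof.get("insideips", "").split(",")):  # step 2
        if not re.fullmatch(r"[0-9.*]+", pat.strip()):
            problems.append(f"insideips: bad pattern {pat.strip()}")
    gmt = prof.get("gmthours", "0")  # step 3: seconds; real offsets are multiples of 15 min
    if not re.fullmatch(r"[+-]?\d+", gmt) or int(gmt) % 900:
        problems.append(f"GMThours: {gmt} does not look like seconds")
    if prof.get("reportperiod", "") not in VALID_PERIODS:  # step 4
        problems.append("ReportPeriod: not a valid period")
    return problems

if __name__ == "__main__":
    print(gmt_seconds(11))
    print(lint_profile(SAMPLE, "isaweb"))
```
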

5) Test it: open a DOS prompt and go to the Loggerythm directory. Win2K and NT? Try this
