ms_isa2dlf - convert Microsoft ISA server logs to DLF

ms_isa2dlf [file]

ms_isa2dlf converts Microsoft Internet Security and Acceleration Server log files in the W3C Extended Log Format to the proxy DLF. The ISA log files are documented on http://www.microsoft.com/technet/prodtechnol/isa/proddocs/isadocs/M_S_C_LoggingFields.asp .

As any Lire 2dlf program, this program needs adjusted LR_DBDIR, LR_DBFILE, LR_ID and PATH variables. These are set in .../etc/lire/defaults and .../etc/lire/profile_lean. After manually source-ing these files, one can run this program as a standalone application, by invoking it as e.g.

 zcat ms_isa.log.gz | LR_ID=`date +%Y%m%d.%H%M%S` ./ms_isa2dlf > /tmp/dlf

.

To process a log as produced by the Microsoft ISA Server:

 $ ms_isa2dlf < ms_isa.log

ms_isa2dlf will be rarely used on its own, but is more likely called by lr_log2report:

 $ cat /var/log/ms_isa.log | lr_run lr_log2report ms_isa

Chainsaw on OPN irc, for supplying log files.

w3c_extended2dlf(1)

$Id: ms_isa2dlf.in,v 1.13 2004/09/01 06:05:09 flacoste Exp $

Copyright (C) 2001 Stichting LogReport Foundation LogReport@LogReport.org

This program is part of Lire.

Lire is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.

Joost van Baal <joostvb@logreport.org>, heavily inspired by Francis J. Lacoste's w3c_extended2dlf(1)