Another reportign qurestion about one or two IP addresses

When I run the staandard report query inside TMG Foreftont, I can pick
monthly or daily. When I get to the top websites section, the top 6 are in
Amsterdam (I'm sure its a nice country but we don't do a lot of business
with them). Is there any way to query the logs to find out who is going
there? The logs are all in option #1 format (SQL Server Express 2005 ).

Thanks!

Arch

Use the monitoring log to filter the logs to show only entries with one of
the particular IP# destiantions in Amsterdam. Then look at the Client IP#
on the log entry.

Because of all the "shady" activity in that part of the World,...it is most
likely the result of some kind of infection (spyware, adware, scareware,
viruses,..take your pick). It could be a simple as some kind of Tool Bar in
the browser that some user was "con'ed" into adding to their browser that
"runs home to momma" once ever few minutes. It could also be Add banners
that are seen in a common website,..after all those ads are not *really* on
the same web server as the site,...they are just linked in from wherever
they are at.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/l...chNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/l...chNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/p...s/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------


"msnews.microsoft.com" <Arch@tuparks.com> wrote in message
news:O1%23ppS3wJHA.956@TK2MSFTNGP03.phx.gbl...
> When I run the staandard report query inside TMG Foreftont, I can pick
> monthly or daily. When I get to the top websites section, the top 6 are in
> Amsterdam (I'm sure its a nice country but we don't do a lot of business
> with them). Is there any way to query the logs to find out who is going
> there? The logs are all in option #1 format (SQL Server Express 2005 ).
>
> Thanks!
>
> Arch
>
>
>

Well bust my booty...I had no idea that monitoring log woudl pull from
something besides what was happening right now! When I read your post, I
just found that you could change it from "live" to a previous time period.

Thanks so much for your help!

Arch



"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:Oec7Wt3wJHA.4176@TK2MSFTNGP03.phx.gbl...
> Use the monitoring log to filter the logs to show only entries with one of
> the particular IP# destiantions in Amsterdam. Then look at the Client IP#
> on the log entry.
>
> Because of all the "shady" activity in that part of the World,...it is
> most likely the result of some kind of infection (spyware, adware,
> scareware, viruses,..take your pick). It could be a simple as some kind
> of Tool Bar in the browser that some user was "con'ed" into adding to
> their browser that "runs home to momma" once ever few minutes. It could
> also be Add banners that are seen in a common website,..after all those
> ads are not *really* on the same web server as the site,...they are just
> linked in from wherever they are at.
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
> Technet Library
> ISA2004
> http://technet.microsoft.com/en-us/l...chNet.10).aspx
> ISA2006
> http://technet.microsoft.com/en-us/l...chNet.10).aspx
>
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/p...s/default.mspx
>
> Microsoft ISA Server Partners: Partner Hardware Solutions
> http://www.microsoft.com/forefront/e...epartners.mspx
> -----------------------------------------------------
>
>
> "msnews.microsoft.com" <Arch@tuparks.com> wrote in message
> news:O1%23ppS3wJHA.956@TK2MSFTNGP03.phx.gbl...
>> When I run the staandard report query inside TMG Foreftont, I can pick
>> monthly or daily. When I get to the top websites section, the top 6 are
>> in Amsterdam (I'm sure its a nice country but we don't do a lot of
>> business with them). Is there any way to query the logs to find out who
>> is going there? The logs are all in option #1 format (SQL Server Express
>> 2005 ).
>>
>> Thanks!
>>
>> Arch
>>
>>
>>
>
>

Hello Arch,

You may want to try my freeware program made especially for that!
http://www2.tech-mentor.com/uwr

Alain Hogue

"Arch Willingham" <arch@tuparks.com> wrote in message
news:egJhDk7wJHA.4980@TK2MSFTNGP02.phx.gbl...
> Well bust my booty...I had no idea that monitoring log woudl pull from
> something besides what was happening right now! When I read your post, I
> just found that you could change it from "live" to a previous time period.

Glad to be of help. :-)

But if you try to take to big a bite it will choke up trying to gather all
of it,..plus the output is limited to a certain number of lines and then it
will just stop, so you have to add other conditions to reduce the size of
the output.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------