29 October 2010

Webspy Vantage FTMG W3C import reverse or switch bytes in and out

When you set FTMG, or even ISA 2006, to export its logs to W3C text files, something strange happens: the bytes in and bytes out values get switched around. As a result, you will see what looks like a large amount of data going out towards a website when it is actually coming in.

You can either edit the MSDEtoText.vbs script to switch the values for you (you can ask me for a copy of this script if you want one), or you can import your logs directly from the MSDE database.
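A third route is to correct W3C text files that have already been exported. The sketch below is an added example, not the MSDEtoText.vbs script mentioned above and not Webspy code; it assumes tab-separated fields and byte-counter columns named `cs-bytes` and `sc-bytes`, so check the `#Fields` line of your own export first.

```python
import io

# Assumed names of the two byte-counter columns; check the #Fields line of
# your own export and change these if they differ.
FIELD_A = "cs-bytes"
FIELD_B = "sc-bytes"


def swap_byte_columns(src, dst, a=FIELD_A, b=FIELD_B, sep="\t"):
    """Copy a W3C log from src to dst, exchanging columns a and b; return records changed."""
    idx, width, swapped = None, 0, 0
    for line in src:
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        if body.startswith("#"):
            # Directives pass through. #Fields can reappear mid-file with a
            # different column order, so the indexes are recomputed each time.
            if body.lower().startswith("#fields:"):
                names = body.split(":", 1)[1].strip().split(sep)
                width = len(names)
                idx = (names.index(a), names.index(b)) if a in names and b in names else None
            dst.write(line)
            continue
        cols = body.split(sep)
        if idx and len(cols) == width:
            i, j = idx
            cols[i], cols[j] = cols[j], cols[i]
            swapped += 1
            dst.write(sep.join(cols) + eol)
        else:
            # Truncated or unexpected lines are copied unchanged.
            dst.write(line)
    return swapped


# Constructed sample (not real log data): two header blocks, one short line.
SAMPLE = (
    "#Fields: c-ip\tr-host\tcs-bytes\tsc-bytes\n"
    "10.0.0.5\texample.com\t48213\t512\n"
    "truncated line\n"
    "#Fields: c-ip\tcs-bytes\tr-host\tsc-bytes\n"
    "10.0.0.6\t90000\texample.org\t300\n"
)


def fix_text(text):
    out = io.StringIO()
    count = swap_byte_columns(io.StringIO(text), out)
    return out.getvalue(), count
```

Running it twice over the same file restores the original order, so keep track of which files have been corrected and make sure the loader option described below does not reverse the values a second time.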

I raised this issue with the Webspy developers as a feature request and they confirmed that they now include an easy way for you to switch these values around. You may want to change from the default if you are importing directly from the MSDE or if you have a script that already fixes the issue. Note this is only for FTMG, not for ISA 2006.

When creating a storage you have to select the loader you will be using.

  • When you get to the loader section, select Microsoft FTMG.
  • Click on Properties.
  • Change the format from Automatic detection to Forefront TMG (W3C).
  • A new check box option will appear. Either check or uncheck "Reverse bytes sent and received to compensate for a bug in TMG's logging" depending on your scenario.

If you do this per input location after the storage has been created and contains data, you will have to clear the storage and re-import all the logs.

