ms_isa2dlf(1) convert Microsoft ISA server logs to DLF


ms_isa2dlf [file]


ms_isa2dlf converts Microsoft Internet Security and Acceleration Server log files in the W3C Extended Log Format to the proxy DLF. The ISA log files are documented on the section on ``Firewall and Web Proxy log fields'' in the document ``Microsoft Internet Security and Acceleration Server Enterprise Edition'' at


As any Lire 2dlf program, this program needs adjusted LR_DBDIR, LR_DBFILE, LR_ID and PATH variables. These are set in .../etc/lire/defaults and .../etc/lire/profile_lean. After manually source-ing these files, one can run this program as a standalone application, by invoking it as e.g.

 zcat ms_isa.log.gz | LR_ID=`date +%Y%m%d.%H%M%S` ./ms_isa2dlf > /tmp/dlf



To process a log as produced by the Microsoft ISA Server:

 $ ms_isa2dlf < ms_isa.log

ms_isa2dlf will be rarely used on its own, but is more likely called by lr_log2report:

 $ lr_log2report ms_isa < /var/log/ms_isa.log


Chainsaw on OPN irc, for supplying log files.


$Id:,v 1.16 2008/11/19 12:16:05 vanbaal Exp $


Copyright (C) 2001 Stichting LogReport Foundation [email protected]

This program is part of Lire.

Lire is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with


Joost van Baal <joos[email protected]>, heavily inspired by Francis J. Lacoste's w3c_extended2dlf(1)