LogAnalyzer 6 FAQ’s

How do I...

• What are the System Requirements for bt-LogAnalyzer
• Create a Log Info source
• No data found
• Schedule a report to run
• Customize an existing report
• Setup distribution for a scheduled report
• Export the results of a report
• Email a report
• Resolve usernames in a report
• Limit the report lines in a report
• Run a report on a specific user
• Create a new report
• Remove reports in bt-LogAnalyzer
• Adjust the bandwidth cost factor
• Adjust the view time factor
• Know which category a URL is in
• Export my LA6 settings
• Import my LA6 settings
• Upgrade the bt-LogAnalyzer software
• What are the required fields for bt-LogAnalyzer to read my log files
• Get data from my SQL Server
• What is the difference between viewing time and download time
• Create a report that shows the top 10 users, as well as the top 10 web sites accessed
• Configuring the bt-LogAnalyzer client for ISA 2004/2006 – Modifying the permissions and DCOM settings

Q: What are the System Requirements for bt-LogAnalyzer?

Windows 2000, 2003, 2008, XP, and 7

Q: How do I create a Log Info source?

1. Open up the bt-LogAnalyzer console
2. Right click on Log Info Sources, select New > Log Info Source
3. Select the option used communicate to your log files (Browse the log file folders, ODBC DSN value, or Local MSDE database)
4. Click on the Test button. Click the Ok button

Q: No data found?

'No Data' displays in the report
Typically this is caused by one of the following three conditions:

1. There are no logs for the Date or Time selected
2. The Log Info Sources are not correct
3. An incorrect log file format or date has been selected

Q: How do I schedule a report to run?

1. Open up the bt-LogAnalyzer console
2. Right click on the report you want to set a schedule for, and select Properties
3. Click on the Schedule tab
4. Set the schedule options for when the report should run, and click the Apply button. Click the Ok button

Q: How do I customize an existing report?

1. Open up the bt-LogAnalyzer console
2. Right click on the report you want to customize, and select Properties
3. There are 5 tabs listed: Common Options, Customize, Schedule, Distribution, and Security
4. Select the appropriate tab for your customizations, and click the Ok button

Q: How do I setup distribution for a scheduled report?

1. Open up the bt-LogAnalyzer console
2. Right click on the report you want to setup distribution for, and select Properties
3. Click on the Distribution tab
4. There are two options, you can setup the reports to email them, or you can save them to the local system, or a network drive
5. Click the Apply button. Click the Ok button

Q: How do I export the results of a report?

1. Open up the bt-LogAnalyzer console. Click the "+" next to Reports
2. Click on the report you wish to export. Right click on the Results on the Report, or under the Report
3. Select Export To: -- There are two options listed there: HTML, or XML
4. Select the files format you wish to export the results
5. Save the report to your local system, or a network share

Q: How do I email a report?

1. Open up the bt-LogAnalyzer console. Click the "+" next to Reports
2. Click on the report you wish to export. Right click on the Results on the Report, or under the Report
3. Select Send To:-- Select mail recipient
4. Type in the email address in select the the email format (HTML, or HTML attachment)

Q: How do I resolve usernames in a report?

1. Open up the bt-LogAnalyzer console. Click the "+" next to Reports
2. Right click on the report you want to resolve the usernames, and click on Properties
3. On the Common Options tab, click on the Advanced button
4. Check the box next to "Resolve User Names", click the Ok button, click the Ok button

Q: How do I limit the report lines in a report?

1. Open up the bt-LogAnalyzer console. Click the "+" sign next to Reports
2. Right click on the report you want to limit the number of lines for, and select Properties
3. On the Common Options tab, check the box next to Maximum Report Lines, and type in the actual number of lines you want to see in the report

Q: How do I run a report on a specific user?

1. Open up the bt-LogAnalyzer console. Click on the "+" sign next to Reports
2. Right click on the User Audit Details report, and select Properties
3. Click on the Customize tab. Click on the Edit button in the Users section
4. Click on the radio button next to Individual users and Groups. Click the Add button
5. Select the user from AD, or type in the username, click the Ok button
6. Click the Ok button. Right click on the User Audit Details report, and select Generate

Q: How do I create a new report?

1. Open up the bt-LogAnalyzer console
2. Right click on the Reports. Select New > Report
3. Name and customize your report, and click the Ok button

Q: How do I remove reports in bt-LogAnalyzer?

Alert: Deleting the files in the results directory prior to changing the date of the report generation will cause bt-LogAnalyzer to attempt to 'Catch Up' with all the deleted reports.

1. Open bt-LogAnalyzer Management Console
2. Left click on the 'Reports' option in the left window pane
3. You can sort the columns to whatever makes it easier to view and Identify the reports that you need to modify
4. Right click on the selected reports and select 'Properties'
5. Select the 'Schedule' tab and modify the 'Start report generation at' date to a later date. If you want to keep a week's worth of reports, select a date of 7 days prior. Do this for each of the reports
6. Once you have the reports scheduled date modified, expand the 'Reports' option in the left window pane.
7. Expand each report to see the report history. Right Click on the report and select 'Clear Results'
8. A 'Clear Results' window will appear. Select the reports that you wish to delete and select 'Ok'
9. When completed with all the reports proceed to step 1 under 'Exporting Settings'

Q: How do I adjust the bandwidth cost factor?

1. Open up the bt-LogAnalyzer console
2. Right click on Bandwidth Cost Factor, and select Edit
3. Adjust the values, and click the Ok button

Q: How do I adjust the view time factor?

1. Open up the bt-LogAnalyzer console
2. Right click on Viewing Time Factor and select Edit
3. Adjust the values, and click the Ok button

Q: how do I know which category a URL is in?

1. Open up the bt-LogAnalyzer console
2. Right click on Category Lookup
3. Type in the URL, or File Ext. Click the Find button

Q: How do I Export my LA6 settings?

1. Open up the bt-LogAnalyzer console
2. Right click on the bt-LogAnalyzer Server in the top portion of the left window pane
3. Select All Tasks > Settings Export. Click 'Next' at the 'bt-LogAnalyzer Settings Export' window
4. Accept the default location or select 'Change' to select a new location for the exported files
5. Verify the options and select 'Export' (Depending on the size of the c:\Program Files\Burst Technology\bt-Loganalyzer\results directory, this operation could take a long time to complete

Q: How do I import my LA6 settings?

1. If you changed servers, you will need to open the LogAnalyzer.reg file in the export directory and modify the field 'CurrentServer' with your new server name. Also, if you moved the installation from a x32 to a 64-bit system, you will need to modify all entries with the 'Program Files' as in a Windows 64-bit system, the directory for 32-bit applications is 'Program Files (x86)'
2. Open the bt-LogAnalyzer 6 Management Console
3. Right click on the bt-LogAnalyzer server in the top portion of the left window pane
4. Select 'All Tasks' then 'Settings Import'. Click 'Next' at the 'bt-LogAnalyzer Settings Import' Window
5. Click 'Change' and identify the location where the previous export was done and click 'Next'
6. Verify your settings and select 'Import'

Q: Upgrade to a newest version of bt-LogAnalyzer?

1. Download the latest version of bt-LogAnalyzer and unzip the file to your desktop
2. Open up the bt-LogAnalyzer Console. Right click on the bt-LogAnalyzer Server
3. Select All Tasks > Settings Export. The Export Wizard dialog box will walk you through exporting your settings
4. Execute the new bt-LogAnalyzer install that you downloaded in step 1. Reboot the server

Q: What are the required fields for bt-LogAnalyzer to read my log files?

1. Client IP (c-ip)
2. Client User Name (cs-username)
3. Date (date)
4. Time (time)
5. Processing Time (time-taken)
6. Bytes Sent (cs-bytes)
7. Bytes Received (sc-bytes)
8. Protocol (cs-protocol)
9. Operation (s-operation)
10. Object Name (cs-url)
11. Object MIME (cs-mime-type)
12. Result Code (sc-status)

Q: How do I Get data from my SQL Server?

A) Configure ISA Server to log to SQL Server

1. Start SQL Server Enterprise Manager. Expand Microsoft SQL Server
2. Connect to the SQL Server that you want to host the database files
3. On the Tools menu, click SQL Query Analyzer. On the File menu, click Open
4. Open the W3proxy.sql file (On the ISA 2004 CD “ISA\FPC\Program Files\Microsoft ISA Server”)
5. Type the following lines at the top of the script:

   Create database weblog

   Go Use weblog Go

6. On the Query menu, click Execute
7. Quit Query Analyzer. Press F5 to Update

B) How to set up SQL Server to accept the Open Database Connectivity (ODBC) from the ISA Server 2004

1. Start SQL Server Enterprise Manager. Microsoft SQL Servers
2. Connect to the SQL Server that you want to host the database files
3. Expand your SQL Server. Expand Security, and then right-click Logins
4. Click New Login. Use SQL Server Authentication
5. Type a name btLogAnalyzer to identify the logon method in the Name box
6. Click the Database Access tab. Click to select the weblog database that you created
7. Under Database roles for , click to select the db_datareaderand the db_datawritercheck boxes. Click OK
8. Quit SQL Server Enterprise Manager
9. Click Start, point to Programs, point to Administrative Tools, and then click Services
10. Right-click the MSSQLSERVER service, and then click Restart

C) How to set up the ODBC data source

1. Click Start, point to Programs, point to Administrative Tools, and then click Data Sources (ODBC)
2. Click the System DSN tab, then click Add
3. Under Select a driver for which you want to set up a data source, click SQL Server
4. Click Finish. Type the data source in the Name (webconn) box
5. Type a description in the Description box
6. Click the SQL Server that you want to connect to in the Server list. Click Next
7. Click With SQL Server authentication using a login ID (btLogAnalyzer) and password entered by the user to use an SQL account for authentication
8. Click to select the Change the default database to check box, and then type the DSN (webconn) that the ISA Server will connect to
9. Click Next, then click Finish

D) How to configure ISA Server 2004 to log information to an SQL Server database

1. Start the ISA Microsoft Management Console (MMC)
2. Expand your ISA Server, and click Monitoring. Click the Logging Tab
3. On the Task pane, click the Tasks tab, and then select the appropriate task
4. Click Configure Web Proxy Logging to configure the location of the Web Proxy log
5. Click the Log tab, and then click SQL Database. Type the DSN in the ODBC data source (webconn) box
6. Type the name of the table in the Table name (WebProxyLog) box
7. Type the account (btLogAnalyzer) that will be used to log on to the SQL Server in the Use this account box
8. Click OK. In the ISA MMC, click Apply to save the changes made to the ISA Server 2004
9. Restart the ISA Server 2004-based computer (The system policy rule Allow remote Logging using NetBIOS transport to trusted servers must be turned on to log to an SQL database)

E) Create a log info source in bt-LogAnalyzer software

1. Open up the bt-LogAnalyzer console
2. Right click on Log Info Sources, and select new log info source
3. Click on the radio button next to ODBC DSN
4. Type in the DSN value (webconn), Table (WebProxyLog), Username (btLogAnalyzer), and Password
5. Click the Test button, then the OK button

F) Configure the bt-LogAnalyzer service

1. Go to Start > All Programs > Administrative Tools > Services
2. Right click on the bt-LogAnalyzer service, select Properties, and click on the Login tab
3. Select the radio button next to this account and click on the browse button
4. Select your domain in the Location field, and click the OK button
5. Type in an account name that has administrative rights to the domain
6. Type in the password twice, and click the OK button
7. Stop and re-start the bt-LogAnalyzer service

G) Run a report in the bt-LogAnalyzer software

TOP

Q: How do I know what is the difference between viewing time and download time?

All of the information in the LogAnalyzer reports either comes straight from, or is based off of, your proxy log files. In the case of Download Time, proxy logs record how long it takes for a web site to completely download onto a requesting computer. Viewing Time, on the other hand, is a calculated value. It takes the number of successfully connected “clicks” a user makes in their browser (recorded as http or https requests in the log file) and multiplies it by the Viewing Time Factor to give you an estimate of how much time a user has spent online. In LogAnalyzer you have the option to set your Viewing Time Factor.

The default value is 10 seconds. What this means is that for every individual URL a user accesses, 10 seconds will be counted. The log files only show when a request is made and how many are made, not how much time a user spends on a page. As a result, if a user visits www.msnbc.com and leaves their browser on the page for 3 hours, by default only 10 seconds will get recorded. As I mentioned before, Viewing Time is an estimate, and is usually used more for comparison of users than anything else since there is no way of knowing exactly how long a web page was actually open on a user’s computer.

Q: Create a report that shows the top 10 users, as well as the top 10 web sites?

To create a report that shows the top 10 users, as well as the top 10 web sites accessed, you must create two reports

Note: I will be using Top10A and Top10B as examples, but name them whatever makes sense for your organization.

Create two new custom reports. Top10A and Top10B. Be sure to setup the Top10B report first.

Top10B Report:

1. In the 'Type of the report' section under the 'common options' tab, select the 'Global' option.
2. Click the 'X' button to the right to deselect all types of reporting variables.
3. Select the 'Top Users Activity - Web Pages' type.
4. Select the 'Maximum Report Lines' checkbox and change the value to '10'.
5. Click the 'Customize' tab and edit the 'Date/Time' interval to the desired values.
6. Click 'Ok'. Click 'Ok'. Generate the report.

Top10A Report:

1. In the 'Type of the report' section under the 'common options' tab, select the 'User audit detail' option.
2. Click the 'X' button to the right to deselect all types of reporting variables.
3. Select the 'WebPage Details' type. Select the 'Maximum Report Lines' checkbox and change the value to '10'.
4. Click the 'Customize' tab and edit the 'Date/Time' interval to the desired values. Click 'Ok'.
5. Click the 'Edit' button, located in the 'Reports' section of the 'Customize' tab.
6. Select the Top10B Report. Click 'Ok'. Click 'Ok'.

Q: Configuring the bt-LogAnalyzer client for ISA 2004/2006 – Modifying the permissions and DCOM settings?

A) Entering a Domain Administrator Account Into the LogAnalyzer Service On the ISA Server Machine

1. Click Start > Control Panel > Administrative Tools > Services
2. Locate the bt-LogAnalyzer service and right click > Properties
3. Click the LogOn tab and select “This Account”
4. Enter a domain admin account that you would like to run the LogAnalyzer service under
5. Click Apply > OK. Restart the service. Close the services console

B) Modifying the DCOM Settings on the ISA Server Machine

1. Click Start > Run and type dcomcnfg. Click OK
2. Click the + sign next to component services > Computers > My Computer
3. Select My Computer and double click on the DCOM Config folder
4. Right click on the MMC Application Class item > Properties. Click on the Security tab
5. Under the Launch and Activation Permissions select Customize and then click Edit. Click the Add button
6. Type in the name of the domain account you are running the LogAnalyzer service under and then click the ‘Check Names’ button > OK
7. Make sure all four check boxes under Allow are selected for the account > OK
8. Repeat the steps above for the Access Permissions section as well
9. No changes need to be made to the Configuration Permissions section
10. Click Apply > OK. You may now exit the DCOM Configuration Console

C) Setting up ISA to Communicate With the LogAnalyzer? Client PC

1. Launch the Microsoft ISA Management Console
2. On the left hand pane select “Firewall Policy”, then click on the “Tasks” tab in the right hand Pane
3. Click on “Create Access Rule”, type in a name for the access rule, and then click Next
4. Select “Allow” for the rule action and then click Next
5. In the protocols page, select the “drop down menu under this rule applies to” and select the “All outbound traffic” option
6. Click Next. In the Access Rules Source screen (From Source), click 'Add'
7. In the Access Rules Source screen (From Source), click the Add button
8. Enter a name for the client PC and then enter client machine’s IP address
9. Click OK, expand the “Computers” folder, select the Computer > Add
10. Expand the “Networks” folder, select Local Host > Add > Close > Next
11. In the Access Rules Destination screen (Applies to), click the Add button
12. Click the “+” next to the networks folder and select Local Host > Add
13. Click the “+” next to computers and select the Client PC. Click Add >Close > Next
14. In the User sets screen click the Next button. Click Finish
15. You must Apply the changes you made in ISA for the rule to take effect

D) Removing Strict RPC Compliance in the ISA Sytstem Policy

1. In the left hand pane, right click on “Firewall Policy” > Edit System Policy
2. Click on Authentication Services (A red arrow will appear next to Active Directory)
3. Uncheck the Enforce strict RPC compliance checkbox
4. Click OK (There will be a delay of 5-20 seconds after clicking the OK button)
5. You must click Apply for the changes you made to take effect

E) Modifying the Settings on the Client/Remote Machine

1. Repeat the instructions from step B above to add the domain account permissions to the MMC Application Class.
2. You will now be able to connect to the LogAnalyzer console from the client version