Configuring Forefront TMG logs
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
Forefront TMG provides a number of logging formats, including logging to a text file, a local SQL Server Express database, and a remote SQL Server computer. Because Forefront TMG is deployed to help secure your network, it is critical that logging information is always available and accurate. You should carefully monitor alerts and verify that activity is always being logged. Forefront TMG provides a log queue feature to help ensure log availability during peak logging.
Check for alerts that indicate a failure to log. Logging can fail for a variety of reasons, including disk space, SQL Server connectivity issues, and others.
The following table summarizes the default log settings following installation:
Setting | Details | Defaults |
---|---|---|
Firewall log | Logs traffic handled by the Firewall service | Enabled by default to log into the SQL Express database on the local computer. |
Web proxy log | Logs traffic handled by the Web proxy filter | Enabled by default to log into the SQL Express database on the local computer. |
Log folder | Location of log files | By default in the ISALogs folder of the Forefront TMG installation directory |
Log limits | Management of log file size | Default settings: Total size limit = 8 GB; Free disk size to maintain = 512 MB; Maintenance method: Delete files as necessary; Delete files older than = 7 days |
Log queue | The log queue is used to temporarily store log entries when they cannot be formatted. This may occur when log entries are generated faster than they can be formatted, or there is no connectivity to a remote SQL Server database. | By default the log queue is stored in the ISALogs folder of the Forefront TMG installation folder. |
Alerts | The alerts service notifies you when specific events occur. | All log-related alerts are enabled by default |
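A scripted check of the log folder against the default log limits in the table above, as an added example rather than code from Microsoft or from this page. The function name `Test-TmgLogHeadroom` and its parameters are hypothetical; it assumes the folder is on a local drive and, as an approximation, compares the whole folder with a single total size limit.

```powershell
# Added example: measure a TMG log folder against the default log limits
# (8 GB total, 512 MB free disk, 7 days). All names here are hypothetical.
function Test-TmgLogHeadroom {
    param(
        [Parameter(Mandatory = $true)][string]$LogFolder,  # path to your ISALogs folder
        [long]$TotalLimitBytes = 8GB,    # default "Total size limit"
        [long]$MinFreeBytes    = 512MB,  # default "Free disk size to maintain"
        [int]$MaxAgeDays       = 7       # default "Delete files older than"
    )
    if (-not (Test-Path -LiteralPath $LogFolder -PathType Container)) {
        throw "Log folder not found: $LogFolder"
    }
    $full  = (Resolve-Path -LiteralPath $LogFolder).ProviderPath
    $files = @(Get-ChildItem -LiteralPath $full -Recurse -Force |
               Where-Object { -not $_.PSIsContainer })

    # Total bytes of everything stored in the folder.
    # Assumption: the whole folder is compared with one limit (an approximation).
    $used = ($files | Measure-Object -Property Length -Sum).Sum
    if ($used -eq $null) { $used = 0 }

    # Free space on the volume holding the folder (assumes a local drive letter).
    $drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($full))
    $free  = $drive.AvailableFreeSpace

    # Files older than the retention window that are still present.
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    $stale  = @($files | Where-Object { $_.LastWriteTime -lt $cutoff })

    New-Object PSObject -Property @{
        LogFolder        = $full
        UsedGB           = [math]::Round($used / 1GB, 2)
        PercentOfLimit   = [math]::Round(100 * $used / $TotalLimitBytes, 1)
        FreeDiskMB       = [math]::Round($free / 1MB, 0)
        FreeBelowMinimum = ($free -lt $MinFreeBytes)
        FilesPastMaxAge  = $stale.Count
    }
}

# Usage (placeholder path, replace with your own):
# Test-TmgLogHeadroom -LogFolder '<path to ISALogs>'
```

A `FreeBelowMinimum` value of `True`, or a `PercentOfLimit` close to 100, is a prompt to review the log-related alerts before log entries are lost.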
The following topics provide information that can help you configure and maintain logs and run log queries: