Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Microsoft Forefront TMG advanced settings

You can use the following advanced settings to fine tune Microsoft Forefront TMG sources.

Microsoft Forefront TMG advanced settings

Parameter Default value Description
W3C Web protocol logs
  • Filename pattern
*WEB*.w3c A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex.
  • W3C_WEB_format
W3C-WebProxy The AgentLogFormat payload header field. If you don't want to include this field, leave the value empty.
  • W3C_WEB_fldListSep
\t The field list separator handles \t, XML, KEYED (CSV), or NCSA.
W3C Firewall protocol logs
  • Filename pattern
*FWS*.w3c A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex.
  • W3C_FWS_format
W3C-Firewall The AgentLogFormat payload header field. If you don't want to include this field, leave the value empty.
  • W3C_FWS_fldListSep
\t The field list separator handles \t, XML, KEYED (CSV), or NCSA.
IIS Web protocol logs
  • Filename pattern
*WEB*.iis A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex.
  • IIS_WEB_format
IIS-WebProxy The AgentLogFormat payload header field. If you don't want to include this field, leave the value empty.
  • IIS_WEB_fldList
Client IP,Client Username,Client Agent,Authenticated Client,Log Date,Log Time,Service,Server Name,Referring Server,Destination Host Name,Destination IP,Destination Port,Processing Time,Bytes Received,Bytes Sent,Protocol,Transport,HTTP Method,URL,MIME Type,Object Source,Result Code,Cache Info,Rule,Filter Information,Source Network,Destination Network,Error info,Action,GMT Log Time,Authentication Server,NIS Scan Result,NIS Signature,Threat Name,Malware Inspection Action,Malware Inspection Result,URL Category,Content Delivery Method,UAG Array Id,UAG Version,UAG Module Id,UAG Id,UAG Severity,UAG Type,UAG Event Name,UAG Session Id,UAG Trunk Name,UAG Service Name,UAG Error Code,Malware Inspection Duration (msec),Threat Level,Internal Service Info Log Fields,NIS Application Protocol,NAT Address,URL Categorization Reason The CSV fields to include in the payload. Use #FIELDS to grab first line in the file that starts with #Fields. Use #HDL_LINES to grab list of fields from file header.
  • IIS_WEB_fldListSep
, The field list separator handles \t, XML, KEYED (CSV), or NCSA.
IIS Firewall protocol logs
  • Filename pattern
*FWS*.iis A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex.
  • IIS_FWS_format
IIS-Firewall The AgentLogFormat payload header field. If you don't want to include this field, leave the value empty.
  • IIS_FWS_fldList
Server Name,Log Date,Log Time,Transport,Client IP and Port,Destination IP and Port,Original Client IP,Source Network,Destination Network,Action,Result Code,Rule,Protocol,Bidirectional,Bytes Sent,Bytes Sent Delta,Bytes Received,Bytes Received Delta,Processing Time,Processing Time Delta,Source Proxy,Destination Proxy,Client Host Name,Destination Host Name,Client Username,Client Agent,Session ID,Connection ID,Network Interface,Raw IP Header,Raw Payload,GMT Log Time,NIS Scan Result,NIS Signature,NAT Address,Forefront TMG Client FDQN,Forefront TMG Client Application Path,Firewall Client Application SHA1 Hash,Forefront TMG Client Application trust state,Forefront TMG Client Application Internal Name,Forefront TMG Client Application Product Name,Forefront TMG Client Application Product Version,Forefront TMG Client Application File Version,Forefront TMG Client Application Original File Name,Internal Service Info Log Fields,NIS Application Protocol,Forefront TMG Client Version The CSV fields to include in the payload. Use #FIELDS to grab first line in the file that starts with #Fields. Use #HDL_LINES to grab list of fields from file header.
  • IIS_FWS_fldListSep
, The field list separator handles \t, XML, KEYED (CSV), or NCSA.