Microsoft Forefront TMG advanced settings
You can use the following advanced settings to fine tune Microsoft Forefront TMG sources.
Parameter | Default value | Description |
---|---|---|
W3C Web protocol logs | ||
|
*WEB*.w3c | A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex. |
|
W3C-WebProxy | The AgentLogFormat payload header field. If you don't want to include this
field, leave the value empty. |
|
\t |
The field list separator handles \t , XML , KEYED
(CSV) , or NCSA . |
W3C Firewall protocol logs | ||
|
*FWS*.w3c | A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex. |
|
W3C-Firewall | The AgentLogFormat payload header field. If you don't want to include this
field, leave the value empty. |
|
\t |
The field list separator handles \t , XML , KEYED
(CSV) , or NCSA . |
IIS Web protocol logs | ||
|
*WEB*.iis | A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex. |
|
IIS-WebProxy | The AgentLogFormat payload header field. If you don't want to include this
field, leave the value empty. |
|
Client IP,Client Username,Client Agent,Authenticated Client,Log Date,Log
Time,Service,Server Name,Referring Server,Destination Host Name,Destination IP,Destination
Port,Processing Time,Bytes Received,Bytes Sent,Protocol,Transport,HTTP Method,URL,MIME Type,Object
Source,Result Code,Cache Info,Rule,Filter Information,Source Network,Destination Network,Error
info,Action,GMT Log Time,Authentication Server,NIS Scan Result,NIS Signature,Threat Name,Malware
Inspection Action,Malware Inspection Result,URL Category,Content Delivery Method,UAG Array Id,UAG
Version,UAG Module Id,UAG Id,UAG Severity,UAG Type,UAG Event Name,UAG Session Id,UAG Trunk Name,UAG
Service Name,UAG Error Code,Malware Inspection Duration (msec),Threat Level,Internal Service Info
Log Fields,NIS Application Protocol,NAT Address,URL Categorization Reason |
The CSV fields to include in the payload. Use #FIELDS to grab first line in the file that starts with #Fields. Use #HDL_LINES to grab list of fields from file header. |
|
, | The field list separator handles \t , XML , KEYED
(CSV) , or NCSA . |
IIS Firewall protocol logs | ||
|
*FWS*.iis | A mask/filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex. |
|
IIS-Firewall |
The AgentLogFormat payload header field. If you don't want to include this
field, leave the value empty. |
|
Server Name,Log Date,Log Time,Transport,Client IP and Port,Destination IP and
Port,Original Client IP,Source Network,Destination Network,Action,Result
Code,Rule,Protocol,Bidirectional,Bytes Sent,Bytes Sent Delta,Bytes Received,Bytes Received
Delta,Processing Time,Processing Time Delta,Source Proxy,Destination Proxy,Client Host
Name,Destination Host Name,Client Username,Client Agent,Session ID,Connection ID,Network
Interface,Raw IP Header,Raw Payload,GMT Log Time,NIS Scan Result,NIS Signature,NAT Address,Forefront
TMG Client FDQN,Forefront TMG Client Application Path,Firewall Client Application SHA1
Hash,Forefront TMG Client Application trust state,Forefront TMG Client Application Internal
Name,Forefront TMG Client Application Product Name,Forefront TMG Client Application Product
Version,Forefront TMG Client Application File Version,Forefront TMG Client Application Original File
Name,Internal Service Info Log Fields,NIS Application Protocol,Forefront TMG Client
Version |
The CSV fields to include in the payload. Use #FIELDS to grab first line in the file that starts with #Fields. Use #HDL_LINES to grab list of fields from file header. |
|
, | The field list separator handles \t , XML , KEYED
(CSV) , or NCSA . |