Microsoft Forefront TMG source

Microsoft Forefront Threat Management Gateway installations create individual firewall and web proxy event logs in a common log directory. To collect these events with WinCollect 10, you must configure your Microsoft Threat Management Gateway to write event logs to a directory.

Note:

Events that log to a Microsoft SQL server database are not supported by WinCollect.

WinCollect 10 supports the following event log formats:
  • Web proxy logs in W3C format (w3c_web)
  • Microsoft firewall service logs in W3C format (w3c_fws)
  • Web proxy logs in IIS format (iis_web)
  • Microsoft firewall service logs in IIS format (iis_fws)
The W3C event format is the preferred event log format. The W3C format contains a standard heading with the version information and all of the fields that are expected in the event payload. You can customize the W3C event format for the firewall service log and the web proxy log to include or exclude fields from the event logs.
Most administrators can use the default W3C format fields. If the W3C format is customized, the following fields are required to properly categorize events: 

| Required field | Description |
|---|---|
| Client IP (c-ip) | The source IP address. |
| Action | The action that is taken by the firewall. |
| Destination IP (r-ip) | The destination IP address. |
| Protocol (cs-protocol) | The application protocol name, for example, HTTP or FTP. |
| Client username (cs-username) | The user account that made the data request of the firewall service. |
| Client username (username) | The user account that made the data request of the web proxy service. |

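
The following is an added example, not part of the product documentation: a Python check that reads the `#Fields:` directive of a customized W3C log and reports which of the required fields listed above are missing. The header token `action`, the function names, and the sample header are assumptions made for illustration.

```python
"""Check a customized TMG W3C log header for the required fields listed above."""

# Header tokens come from the required-field table on this page.
# "action" is an assumed token: the page names the Action field but
# gives no header spelling for it.
COMMON = {"c-ip", "action", "r-ip", "cs-protocol"}
REQUIRED = {
    "w3c_fws": COMMON | {"cs-username"},  # firewall service log
    "w3c_web": COMMON | {"username"},     # web proxy log
}


def header_fields(lines):
    """Return field names from the first '#Fields:' directive, or None if absent."""
    for line in lines:
        if not line.startswith("#"):
            break  # W3C directives precede the first data row
        name, _, value = line.partition(":")
        if name.strip().lower() == "#fields":
            value = value.strip("\r\n")
            # Tab-delimited headers may hold names that contain spaces.
            parts = value.split("\t") if "\t" in value else value.split()
            return [p.strip().lower() for p in parts if p.strip()]
    return None


def missing_fields(lines, log_type):
    """Return the sorted required fields that the header does not list."""
    fields = header_fields(lines)
    if fields is None:
        # IIS-format logs carry no directive block, so they land here too.
        raise ValueError("no #Fields directive: not a W3C-format log")
    return sorted(REQUIRED[log_type] - set(fields))


# Constructed sample (not real TMG output): a customized web proxy log
# from which the destination IP and username columns were removed.
SAMPLE_WEB = (
    "#Software: constructed sample\n"
    "#Version: 2.0\n"
    "#Fields: c-ip\tdate\ttime\tcs-protocol\taction\n"
    "192.0.2.10\t2024-01-01\t00:00:01\thttp\tAllowed\n"
)

if __name__ == "__main__":
    print(missing_fields(SAMPLE_WEB.splitlines(), "w3c_web"))
```

An empty result means the header lists every required field for that log type.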
Table 1: Microsoft Forefront TMG source parameters

| Parameter | Description |
|---|---|
| Type | Microsoft Forefront TMG |
| Root directory | Example: <Program Files>\<Forefront Directory>\ISALogs\ Note: You no longer need to enter the UNC path for remote sources. |
| Log types | W3C web protocol logs; W3C Firewall protocol logs; IIS web protocol logs; IIS Firewall protocol logs |

Supported versions of Microsoft Forefront TMG

  • Microsoft Forefront Threat Management Gateway 2010