Microsoft Forefront TMG source
Microsoft Forefront Threat Management Gateway installations create individual firewall and web proxy event logs in a common log directory. To collect these events with WinCollect 10, you must configure your Microsoft Threat Management Gateway to write event logs to a directory.
Note: Events that log to a Microsoft SQL server database are not supported by WinCollect.
WinCollect 10 supports the following event log formats:
- Web proxy logs in W3C format (w3c_web)
- Microsoft firewall service logs in W3C format (w3c_fws)
- Web proxy logs in IIS format (iis_web)
- Microsoft firewall service logs in IIS format (iis_fws)
Most administrators can use the default W3C format fields. If the W3C format is customized, the following fields are required to properly categorize events:
Required field | Description |
---|---|
Client IP (c-ip) | The source IP address. |
Action | The action that is taken by the firewall. |
Destination IP (r-ip) | The destination IP address. |
Protocol (cs-protocol) | The application protocol name, for example, HTTP or FTP. |
Client username (cs-username) | The user account that made the data request of the firewall service. |
Client username (username) | The user account that made the data request of the web proxy service. |
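
When the W3C format is customized, the required fields in the table above can be checked against the `#Fields:` header of a log file before WinCollect reads it. The following Python script is an added example, not IBM or Microsoft code. It assumes field names are tab- or whitespace-separated, that the action field is named `Action`, and that the username field is the only per-service difference; the sample header is constructed.

```python
import re

# Required field names as listed in the table above. "action" has no
# short name on the page, so it is matched case-insensitively (assumption).
COMMON = ("c-ip", "action", "r-ip", "cs-protocol")
REQUIRED = {
    "w3c_fws": COMMON + ("cs-username",),  # firewall service log
    "w3c_web": COMMON + ("username",),     # web proxy log
}

def parse_fields(line):
    """Return the field names from a '#Fields:' directive, or None."""
    m = re.match(r"#\s*Fields:\s*(.*)$", line.strip("\r\n"), re.IGNORECASE)
    if m is None:
        return None
    body = m.group(1)
    # Assumption: names are tab-separated when tabs are present,
    # otherwise whitespace-separated.
    parts = body.split("\t") if "\t" in body else body.split()
    return [p.strip().lower() for p in parts if p.strip()]

def check_log(text, log_type):
    """Map each '#Fields:' line number to the required fields it lacks.

    Raises ValueError if the text has no '#Fields:' directive at all.
    """
    required = REQUIRED[log_type]
    report = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = parse_fields(line)
        if fields is not None:
            report[lineno] = [f for f in required if f not in fields]
    if not report:
        raise ValueError("no #Fields: directive found; not a W3C log?")
    return report

# Constructed sample: a customized web proxy header that dropped r-ip.
SAMPLE_WEB = (
    "#Software: constructed sample\n"
    "#Fields: c-ip\tusername\tdate\ttime\tcs-protocol\tAction\n"
    "192.0.2.10\tanonymous\t2024-01-01\t00:00:01\thttp\tAllowed\n"
)

if __name__ == "__main__":
    for lineno, missing in check_log(SAMPLE_WEB, "w3c_web").items():
        print(f"line {lineno}: missing {missing or 'nothing'}")
```

An empty list for a header line means every required field for that log type is present.
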
Parameter | Description |
---|---|
Type | Microsoft Forefront TMG |
Root directory | Example: <Program Files>\<Forefront Directory>\ISALogs\ Note: You no longer need to enter the UNC path for remote sources. |
Log types | |
Supported versions of Microsoft Forefront TMG
- Microsoft Forefront Threat Management Gateway 2010