• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

TMG Logging

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> Installation >> TMG Logging Page: [1]
Login
Message << Older Topic   Newer Topic >>
TMG Logging - 20.Jan.2011 5:04:26 AM   
fastjack

 

Posts: 65
Joined: 5.May2004
From: UK
Status: offline
hi there

we are starting the planning/testing work to migrate our ISA servers over to TMG. Under our ISA environment I am logging to flat files that I then export to a central location so scripts can be run against them.

I know you can set the TMG to this same function, but I thought I would investigate the SQL logging.

My Question :

I have set the logging to default ( SQL Express ), I now get the two files ( _WEB and _FWS ). How is it best to manage these? would people suggest moving them to a network location.

Any thoughts or advice about the logging?

FJ
Post #: 1
RE: TMG Logging - 20.Jan.2011 8:05:37 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

ISA/TMG creates two log files (_WEB and _FWS) as you noticed, when using SQL Express logging. By default, these logs can not be moved to a network share, it should be on local disk, preferencing, different disks then other TMG services, like malware inspection, cache and SO.

If you want logs be on a different server than TMG, then you should use SQL logging.

More info about logging on TMG: http://technet.microsoft.com/en-gb/library/bb794937.aspx

Here are the Best Practices for logging on ISA, but I believe still fits for TMG: http://technet.microsoft.com/en-gb/library/cc302682.aspx

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to fastjack)
Post #: 2
RE: TMG Logging - 2.Feb.2011 3:41:16 AM   
fastjack

 

Posts: 65
Joined: 5.May2004
From: UK
Status: offline
thanks for the URL, after much reading I do have an additional question....

I think I will use the SQL logging instead of the flat file scenario, now the questions is it better to log to SQL Express or direct to central SQL server?

Any thoughts or opinions would be useful

(I will have 3 TMG servers once the migration from ISA 2006 is completed)

thanks in advance

FJ

(in reply to paulo.oliveira)
Post #: 3
RE: TMG Logging - 5.Feb.2011 10:51:45 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi FJ,

the difference between them is that with SQL Express, you can do real-time queries on TMG console. But, the downside is that increase disk and memory usage, because they´re all on the same machine.

Therefore, when using a central SQL server you can´t monitoring real-time logging, but can create custom reports using SQL Reporting Services capabilities.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to fastjack)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> Installation >> TMG Logging Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts