we are starting the planning/testing work to migrate our ISA servers over to TMG. Under our ISA environment I am logging to flat files that I then export to a central location so scripts can be run against them.
I know you can set the TMG to this same function, but I thought I would investigate the SQL logging.
My Question :
I have set the logging to default ( SQL Express ), I now get the two files ( _WEB and _FWS ). How is it best to manage these? would people suggest moving them to a network location.
From: Amazon, Brazil
ISA/TMG creates two log files (_WEB and _FWS) as you noticed, when using SQL Express logging. By default, these logs can not be moved to a network share, it should be on local disk, preferencing, different disks then other TMG services, like malware inspection, cache and SO.
If you want logs be on a different server than TMG, then you should use SQL logging.