TMG Logging (Full Version)

All Forums >> [Threat Management Gateway (TMG) 2010] >> Installation



Message


fastjack -> TMG Logging (20.Jan.2011 5:04:26 AM)

hi there

we are starting the planning/testing work to migrate our ISA servers over to TMG. Under our ISA environment I am logging to flat files that I then export to a central location so scripts can be run against them.

I know you can set the TMG to this same function, but I thought I would investigate the SQL logging.

My Question :

I have set the logging to default ( SQL Express ), I now get the two files ( _WEB and _FWS ). How is it best to manage these? would people suggest moving them to a network location.

Any thoughts or advice about the logging?

FJ




paulo.oliveira -> RE: TMG Logging (20.Jan.2011 8:05:37 AM)

Hi,

ISA/TMG creates two log files (_WEB and _FWS) as you noticed, when using SQL Express logging. By default, these logs can not be moved to a network share, it should be on local disk, preferencing, different disks then other TMG services, like malware inspection, cache and SO.

If you want logs be on a different server than TMG, then you should use SQL logging.

More info about logging on TMG: http://technet.microsoft.com/en-gb/library/bb794937.aspx

Here are the Best Practices for logging on ISA, but I believe still fits for TMG: http://technet.microsoft.com/en-gb/library/cc302682.aspx

Regards,
Paulo Oliveira.




fastjack -> RE: TMG Logging (2.Feb.2011 3:41:16 AM)

thanks for the URL, after much reading I do have an additional question....

I think I will use the SQL logging instead of the flat file scenario, now the questions is it better to log to SQL Express or direct to central SQL server?

Any thoughts or opinions would be useful

(I will have 3 TMG servers once the migration from ISA 2006 is completed)

thanks in advance

FJ




paulo.oliveira -> RE: TMG Logging (5.Feb.2011 10:51:45 AM)

Hi FJ,

the difference between them is that with SQL Express, you can do real-time queries on TMG console. But, the downside is that increase disk and memory usage, because they´re all on the same machine.

Therefore, when using a central SQL server you can´t monitoring real-time logging, but can create custom reports using SQL Reporting Services capabilities.

Regards,
Paulo Oliveira.




Page: [1]