How to configure Forefront Threat Management Gateway (TMG) 2010 to work with ProxyInspector

By default, Microsoft® Forefront Threat Management Gateway 2010 stores its logs in SQL Express databases (a lightweight version of Microsoft SQL). ProxyInspector works with both text log files and SQL Express databases, but access to text log files is significantly faster than access to SQL databases. There are two text log formats, ISA Native and W3C. ProxyInspector supports both, but W3C is the recommended format. To switch the log format from MSDE to W3C, do the following:
  • Run the Forefront TMG 2010 console
  • Select the Logs & Reports item in the left pane
  • Select the Logging tab in the center pane
  • Select the Tasks tab in the right pane
Configuring TMG 2010 logging

You will need to change the log file format for both the Firewall and the Web proxy. Choose the Configure Firewall Logging and Configure Web Proxy Logging items and, for each, perform the actions shown below. Select the File option. In the drop-down list, select W3C extended log file format. The Enable logging for this service option should be enabled:

TMG 2010 log file settings

If you want to change the log file location, press the Options button. Another dialog will appear where you can change the log file path. The Compress log files and Delete log files older than options should remain disabled (or the value should be big enough):

TMG 2010 log file settings

Select the Fields tab and check that all necessary fields are enabled. The necessary fields are listed below:

Firewall log files:
  • Log Date
  • Log Time
  • Transport (IP Protocol)
  • Client IP and port
  • Destination IP and port
  • Action (action)
  • Rule (rule)
  • Result Code (status)
  • Protocol (application protocol)
  • Bytes sent
  • Bytes sent Delta
  • Bytes received
  • Bytes received Delta
  • Processing Time (connection time)
  • Client Username (Username)
  • Client Agent (agent)

Web proxy log files:
  • Client IP (c-ip)
  • Client Username (cs-username)
  • Client Agent (c-agent)
  • Log Date (date)
  • Log Time (time)
  • Destination Host Name (r-host)
  • Destination IP (r-ip)
  • Bytes Received (cs-bytes)
  • Bytes Sent (sc-bytes)
  • Protocol (cs-protocol)
  • URL (cs-uri)
  • MIME Type (cs-mime-type)
  • Object source (s-object-source)
  • Result Code (sc-status)
  • Rule (rule)
  • Action (action)
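
Once logging is switched to W3C, the Web proxy field selection can be verified from the log file itself, because a W3C extended log names its columns in a `#Fields:` directive. The script below is an added example, not part of ProxyInspector or TMG; the function name and the sample header lines are constructed for illustration, and only the field names come from the Web proxy list above.

```python
# Added example: field names are the Web proxy names listed on this page.
REQUIRED_WEB_PROXY_FIELDS = (
    "c-ip", "cs-username", "c-agent", "date", "time", "r-host", "r-ip",
    "cs-bytes", "sc-bytes", "cs-protocol", "cs-uri", "cs-mime-type",
    "s-object-source", "sc-status", "rule", "action",
)


def missing_fields(lines, required=REQUIRED_WEB_PROXY_FIELDS):
    """Check every '#Fields:' directive found in a W3C extended log.

    Returns a list of (line_number, [missing field names]), one entry per
    directive that lacks a required field. A log can hold more than one
    directive, so a field set that changed part-way through is reported
    with the line where it changed. Raises ValueError when no directive is
    present at all (the file is probably not in W3C format).
    """
    problems, seen = [], 0
    for number, raw in enumerate(lines, start=1):
        line = raw.lstrip("\ufeff").strip()  # tolerate a UTF-8 BOM
        if not line.lower().startswith("#fields:"):
            continue
        seen += 1
        present = {name.lower() for name in line[len("#fields:"):].split()}
        missing = [name for name in required if name not in present]
        if missing:
            problems.append((number, missing))
    if not seen:
        raise ValueError("no #Fields directive found; is this a W3C log?")
    return problems


# Constructed sample: a complete header, then a later header written after
# several fields were unchecked on the Fields tab.
SAMPLE_LOG = [
    "#Software: constructed sample header",
    "#Version: 2.0",
    "#Date: 2012-01-01 00:00:00",
    "#Fields: " + "\t".join(REQUIRED_WEB_PROXY_FIELDS),
    "#Date: 2012-01-02 00:00:00",
    "#Fields: c-ip\tcs-username\tdate\ttime\tcs-uri\tsc-status",
]

if __name__ == "__main__":
    for number, missing in missing_fields(SAMPLE_LOG):
        print(f"line {number}: missing {', '.join(missing)}")
```

To check a real file, pass an open file object as `lines`; the path depends on the location chosen in the Options dialog.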

Tags: TMG, ProxyInspector, log file, getting started