Top Web User always localhost RRS feed

  • Question

  • We are running Forefront Threat Management Gateway 2010 SP1 with the URL filtering and malware filtering. When we run reports, usually the top web user, the local system IP is the Top Application User, and DNS is the Top Application Protocol. The DNS traffic appears to be traffic that the TMG server is generating. Is there a way to have the local traffic not appear in the reports?
    Friday, August 20, 2010 5:35 PM


All replies

  • Hi,


    Thank you for the post.


    To remove the “local traffic” in the reports, you may create your own custom queries for SQL  to get a report that you want.



    Nick Gu - MSFT
    Tuesday, August 24, 2010 3:04 AM
  • Can you point me to some documentation on how to accomplish that?


    Thank You

    Wednesday, August 25, 2010 2:51 PM
  • Hello Jimmy,

    What Nick is saying is that you can do this by leveraging the data that is stored on SQL and create your custom Report by consuming the data stored on SQL. There is no specific documentation on TMG to do that since it is a more a SQL type of procedure. Here are the fields that are logged on the SQL database:

    Web Proxy Log fields: http://technet.microsoft.com/en-us/library/cc441708.aspx

    Firewall Log Fields: http://technet.microsoft.com/en-us/library/cc441692.aspx


    Yuri Diogenes [MSFT] - http://blogs.technet.com/yuridiogenes
    Friday, August 27, 2010 1:35 AM
  • I'm sorry but I do not feel that this answers my question. I was aware that I could write my own reports but the product should come with some basic reports that could be sent to management. The provided reports are not useful for providing information to management. It was stated that the reports were better in SP1 but other than a new look I have not found any true improvements. If you are wanting to compare to other products (like Websense) then you have a long way to go in the reporting category. They do not require you to write your own SQL queries and reports to get useful information.
    Tuesday, August 31, 2010 2:22 AM
  • Hi Jimmy, I understand your point, but unfortunetly TMG UI doesn't provide this built in feature. I will take your feedback to product team.



    Yuri Diogenes [MSFT] - http://blogs.technet.com/yuridiogenes
    Tuesday, August 31, 2010 2:50 AM