How to audit users that connect through Direct Access

  • Question

  • Hello to all
    I need to generate a report including information from users who connect through Direct Access. Is this possible through the Audit Policy?

    Thanks


    Robson Hasselhoff - Follow me @Robk9e

    Tuesday, March 20, 2012 5:41 PM

Answers

  • Nevermind, I figured it out.

    Had to play around with the filter. This is what I'm using:

    Log Record Type - equals - Web Proxy Filter

    Log Time - Last 7 Days

    Client Username - not equal - [here goes my service account name]

    UAG Type - not equal - security

    Client Username - Contains - [here goes my domain name, so it only gives me usernames]

    Tuesday, August 14, 2012 4:41 PM
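
The filter from this answer, applied offline to exported log rows to build a per-user history for audits. This is an added example, not part of the original post: the function name `Get-DAUserHistory`, the column names (modelled on the filter labels), the account names and the sample rows are all assumptions constructed for illustration.

```powershell
# Added example. Column names mirror the filter labels in the answer and are
# assumptions about an exported log; every row and account name is constructed.
$ServiceAccount = 'CONTOSO\svc-uag'                 # placeholder service account
$DomainName     = 'CONTOSO\'                        # placeholder domain name
$Now            = [datetime]'2012-08-14T16:00:00'   # fixed so the sample is repeatable

$rows = @'
LogRecordType,LogTime,ClientUsername,UAGType
Web Proxy Filter,2012-08-13T09:12:00,CONTOSO\alice,session
Web Proxy Filter,2012-08-14T08:01:00,CONTOSO\alice,session
Web Proxy Filter,2012-08-14T08:05:00,CONTOSO\svc-uag,session
Web Proxy Filter,2012-08-12T17:40:00,CONTOSO\bob,security
Web Proxy Filter,2012-08-10T11:30:00,CONTOSO\bob,session
Web Proxy Filter,2012-08-01T10:00:00,CONTOSO\carol,session
Firewall,2012-08-14T07:00:00,CONTOSO\dave,session
Web Proxy Filter,2012-08-14T07:30:00,anonymous,session
'@ | ConvertFrom-Csv

# Hypothetical helper: applies the five filter conditions, then summarises per user.
function Get-DAUserHistory {
    param($Records, [datetime]$Now, [string]$ServiceAccount, [string]$DomainName)
    $since = $Now.AddDays(-7)                       # "Log Time - Last 7 Days"
    $columns = @(
        @{n='User';      e={ $_.Name }},
        @{n='Records';   e={ $_.Count }},
        @{n='FirstSeen'; e={ ($_.Group | ForEach-Object { [datetime]$_.LogTime } |
                               Measure-Object -Minimum).Minimum }},
        @{n='LastSeen';  e={ ($_.Group | ForEach-Object { [datetime]$_.LogTime } |
                               Measure-Object -Maximum).Maximum }}
    )
    $Records | Where-Object {
        $_.LogRecordType -eq 'Web Proxy Filter' -and          # record type equals
        ([datetime]$_.LogTime) -ge $since -and                 # inside the time window
        $_.ClientUsername -ne $ServiceAccount -and             # drop the service account
        $_.UAGType -ne 'security' -and                         # UAG Type not equal security
        $_.ClientUsername.IndexOf($DomainName,
            [StringComparison]::OrdinalIgnoreCase) -ge 0       # username contains the domain
    } | Group-Object ClientUsername | Select-Object -Property $columns
}

Get-DAUserHistory -Records $rows -Now $Now -ServiceAccount $ServiceAccount -DomainName $DomainName |
    Sort-Object User | Format-Table -AutoSize
```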

All replies

  • Hi,

    With Microsoft Forefront UAG 2010, you can enable logging into the SQL database with the following command:
    C:\Program Files\Microsoft Forefront Unified Access Gateway\utils\MonitorMgr\MonitorMgrUtil.exe -ssl 1

    Then activate a new UAG configuration. You will be able to access the data in the UAG monitoring web site. You can even access the TMG database to retrieve the information.

    With only Windows 2008 R2, your only choice is to use Advanced Audit Policy Configuration to audit IPsec Main Mode and Quick Mode.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Tuesday, March 20, 2012 8:03 PM
  • Here is the official TechNet doc on this: http://technet.microsoft.com/en-us/library/gg313783.aspx
    Wednesday, March 21, 2012 3:16 PM
  • Hi Guys,

    I need a history stored for subsequent audits... I ran the command in UAG, but only the connected users appear, not the history.


    Robson Hasselhoff - Follow me @Robk9e

    Wednesday, March 21, 2012 6:36 PM
  • Have a look at the SQL Database http://technet.microsoft.com/en-us/library/d3c96245-f4f4-44fa-9d68-6e5874933154#user

    View Forefront UAG events logged to SQL Server in the Forefront TMG Management console, as follows.

    To view SQL Server logs

    1. In the Forefront TMG Management console, in the console tree, click Logs & Reports.

    2. In the details pane, click the Logging tab.

    3. On the Tasks tab, click Edit Filter.

    4. In the Edit Filter dialog box, In Filter by, set Log Record Type to Web Proxy Filter. To save the filter definition, click Save Filter and specify a name for the .xml query file.

    5. Click Start Query. Query results are displayed in the Logging tab.

    6. To customize the fields displayed in the logging tab, right-click any column title header in the results list, and then click Add/Remove columns. In the Add/Remove Columns dialog box, add or remove columns as required. For a list of Forefront UAG-specific logging fields, see SQL Server logging fields in the Technical Reference.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Wednesday, March 21, 2012 7:30 PM
  • Another solution: you can use the PowerShell cmdlet.

    First install it with the following command:

    %windir%\Microsoft.NET\Framework64\v2.0.50727\installutil DAUserMonitoringSnapIn.dll

    Then add the snap-in: Add-PSSnapin UAGDAUserMonitoring

    And lastly, use the Get-DirectAccessUser cmdlet with the showhistory parameter.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, March 22, 2012 8:23 AM
  • Have a look at the SQL Database http://technet.microsoft.com/en-us/library/d3c96245-f4f4-44fa-9d68-6e5874933154#user

    View Forefront UAG events logged to SQL Server in the Forefront TMG Management console, as follows.

    To view SQL Server logs

    1. In the Forefront TMG Management console, in the console tree, click Logs & Reports.

    2. In the details pane, click the Logging tab.

    3. On the Tasks tab, click Edit Filter.

    4. In the Edit Filter dialog box, In Filter by, set Log Record Type to Web Proxy Filter. To save the filter definition, click Save Filter and specify a name for the .xml query file.

    5. Click Start Query. Query results are displayed in the Logging tab.

    6. To customize the fields displayed in the logging tab, right-click any column title header in the results list, and then click Add/Remove columns. In the Add/Remove Columns dialog box, add or remove columns as required. For a list of Forefront UAG-specific logging fields, see SQL Server logging fields in the Technical Reference.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx


    This doesn't really give you any useful reports. It only shows you the UAG service account connecting, not any end users connecting.

    This also seems to be forward looking, not historical seeing that it is on the "Logging" tab, not the "Reports" tab.

    Has anyone gotten this to give any useful reports?

    Tuesday, August 14, 2012 2:52 PM