Forefront TMG 2010 SP2 - Logging override web pages


  • We have Forefront TMG 2010 SP2 on Windows Server 2008 R2.  Because we want to protect our network I created new firewall rule. This rule is Deny Web Destination with allow user override web page. This rule work perfectly, but now we want to logging this overrides web pages.

    I try to created new Filter in Logs & Reports with Override Rule for test, but this don’t work.

    Please help me find the solution for this case and how to create filter and reporting for overrides web pages?

    Best regards

    Ninja 4 IT

    Monday, December 10, 2012 12:38 PM

All replies

  • Netfee for TMG. Query all block informatiom, or query by rule of "Deny Web destintion".


    • Edited by tianyu.liu Wednesday, December 12, 2012 3:05 AM
    Wednesday, December 12, 2012 3:02 AM
  • Hi,

    Thank you for the post.

    As far as I know, there are two reports: Top overridden urls and Top Rule overridden users which are list the overridden information.


    Nick Gu - MSFT

    Wednesday, December 12, 2012 9:23 AM
  • wishfly,

    thank you for your post, but this product is not free, just 60-day trial. If is impossible, I want create solution for this case in section Logs & Reports with TMG filter.  

    In this section, we can create new filter for example;

    Filter by: Overridden Rule
    Condition: Contains
    Value: something

    I think, this is the right way for this case, but I don't understand why this don't work!

    If have somebody discusion with TMG filtering, please help and report the solution.


    Ninja 4 IT

    Thursday, December 13, 2012 10:43 AM
  • Because all log data writed into ONE table. It is huge. When you query something from it, need lots of time.

    But SQL server has time-out set. So you can not get what you want sometime. 


    • Edited by tianyu.liu Friday, December 14, 2012 9:24 AM
    Friday, December 14, 2012 2:20 AM
  • wishfly, thanks for your post.  I have another question about your your explanation.

    Why then can I see normaly data in fetching result window, after start query? 

    for example;

    Filter by: Client IP
    Condition: Equals

    This work perfectly and this are "live results" for PC network traffic.    Why then work for this case?  Are you sure about SQL and time-out set.?

    Ninja 4 IT

    Friday, December 14, 2012 9:25 AM
  • I don't know how MS process this situation in TMG. But i GUESS --

    Some query maybe spend more time. TMG set query result less than 10000 items every time. Your query "Client IP", maybe get 10000 recorders quickly and return result to you. But if you query "override", maybe can not get result quickly. So TIME-OUT :(

    When developing netfee, I have tried to read data directly from TMG log database to create report. But the time-cost in some query make me give up.


    • Edited by tianyu.liu Saturday, December 15, 2012 8:47 AM
    Saturday, December 15, 2012 1:31 AM
  • Hello,

    I would also like to a log of overridden sites. I can see overrides in Live logs but the problem is that if I filter it by Overridden Rule column I get every user action on overridden site, but I would like to filter log in a way that only one log entry per user session (user override) would be displayed (not every picture etc. that is included in overridden site).

    Can someone please help me filter logs?

    Thank you!

    Best wishes,


    Monday, January 28, 2013 11:23 AM