We have Forefront TMG 2010 SP2 on Windows Server 2008 R2. Because we want to protect our network, I created a new firewall rule. This rule is Deny Web Destination with allow user override web page. This rule works perfectly, but now we want to log these web page overrides.
I tried to create a new filter in Logs & Reports with Override Rule for a test, but this doesn't work.
Please help me find the solution for this case: how do I create a filter and reporting for overridden web pages?
Ninja 4 IT
wishfly, thank you for your post, but this product is not free, just a 60-day trial. If it is impossible, I want to create a solution for this case in the Logs & Reports section with a TMG filter.
In this section, we can create a new filter, for example:
Filter by: Overridden Rule
I think this is the right way for this case, but I don't understand why this doesn't work!
If anybody has had a discussion about TMG filtering, please help and report the solution.
Ninja 4 IT
wishfly, thanks for your post. I have another question about your explanation.
Why then can I see data normally in the fetching result window after starting the query?
Filter by: Client IP
This works perfectly, and these are "live results" for PC network traffic. Why then does it work for this case? Are you sure about SQL and the time-out setting?
Ninja 4 IT
I don't know how MS processes this situation in TMG. But I GUESS --
Some queries may take more time. TMG limits the query result to fewer than 10000 items each time. Your query "Client IP" may get 10000 records quickly and return the result to you. But if you query "override", it may not get a result quickly. So TIME-OUT :(
When developing netfee, I tried to read data directly from the TMG log database to create reports. But the time cost of some queries made me give up.
- Edited by tianyu.liu Saturday, December 15, 2012 8:47 AM
I would also like a log of overridden sites. I can see overrides in Live logs, but the problem is that if I filter by the Overridden Rule column I get every user action on the overridden site. I would like to filter the log so that only one log entry per user session (user override) is displayed (not every picture etc. that is included in the overridden site).
Can someone please help me filter logs?
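
The one-entry-per-override view asked for above can be produced outside the TMG console by sessionizing an exported log. The following is an added example, not part of the original thread and not TMG's own tooling. The CSV column names, the sample rows and the 30-minute session gap are all assumptions chosen for illustration.

```python
import csv
import io
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample export. Column names are assumptions for this example,
# not the headers TMG itself writes.
SAMPLE_LOG = """\
log_time,client_user,client_ip,url,overridden_rule
2012-12-15 08:00:01,alice,10.0.0.5,http://news.example/index.html,Deny Web Destination
2012-12-15 08:00:02,alice,10.0.0.5,http://news.example/img/logo.png,Deny Web Destination
2012-12-15 08:00:03,alice,10.0.0.5,http://news.example/css/site.css,Deny Web Destination
2012-12-15 08:05:10,bob,10.0.0.9,http://news.example/index.html,Deny Web Destination
2012-12-15 09:30:00,alice,10.0.0.5,http://news.example/story.html,Deny Web Destination
2012-12-15 09:31:00,alice,10.0.0.5,http://intranet.example/home,
"""


def override_sessions(log_text, gap=timedelta(minutes=30)):
    """Return one record per (user, host, rule) override session."""
    rows = sorted(csv.DictReader(io.StringIO(log_text)),
                  key=lambda r: r["log_time"])
    open_sessions = {}  # key -> session currently being extended
    sessions = []       # sessions in order of first request
    for row in rows:
        rule = row["overridden_rule"].strip()
        if not rule:    # request was not an override
            continue
        when = datetime.strptime(row["log_time"], "%Y-%m-%d %H:%M:%S")
        host = (urlsplit(row["url"]).hostname or "").lower()
        key = (row["client_user"].lower(), host, rule)
        current = open_sessions.get(key)
        if current and when - current["last"] <= gap:
            # Same page load or same browsing session: fold into it.
            current["last"] = when
            current["requests"] += 1
            continue
        current = {"user": row["client_user"], "client_ip": row["client_ip"],
                   "host": host, "rule": rule,
                   "first": when, "last": when, "requests": 1}
        open_sessions[key] = current
        sessions.append(current)
    return sessions


if __name__ == "__main__":
    for s in override_sessions(SAMPLE_LOG):
        print(s["first"], s["user"], s["host"], s["rule"], s["requests"])
```

Each returned record keeps the first and last request time and a request count, so a report can show who overrode which rule for which site without listing every embedded object.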