I’ve been having a look through the reporting functionality included in Microsoft Forefront Threat Management Gateway and found that not much has changed from ISA Server 2006. There is some new information regarding the newly implemented URL categorization and threat management technology, but there is very little flexibility or customization for those with reporting requirements beyond general overviews cluttered with irrelevant information.
Here’s a quick video outlining some of the differences between TMG’s reporting and what can be achieved using WebSpy Vantage. The video does not illustrate all the limitations outlined below, so please read on.
What is in the Forefront TMG report?
The default TMG report contains the following sections:
- Web Usage
- Application Usage
- Traffic and Utilization
- Malware Protection
- URL Filtering
- Network Inspection System
Each section contains overviews such as ‘Top users’ and ‘Top Sites’.
If your reporting requirements can be satisfied with these overviews – that’s great! Unfortunately, when you start thinking about what system administrators and other people in your organization actually need to make informed decisions, this report is quite limiting.
The 8 Limitations of Microsoft Forefront TMG’s Reporting
Here is what I consider to be the 8 main limitations of Microsoft Forefront TMG’s reporting functionality.
1. No Drilldowns
Want to see the sites that the top 5 users accessed? Want to see the users that downloaded the most traffic from YouTube? These are fairly standard reporting requirements that simply cannot be achieved using the inbuilt TMG reporting.
WebSpy Vantage lets you either interactively drill down into a user or site, or produce a regular report that includes further details about what your top users have actually been up to.
2. No Filtering
When you generate a report in TMG, you can only filter the report by a date range. There is no way to filter out anonymous (unauthenticated) traffic or exclude traffic coming from advertising servers (such as doubleclick and 2mdn.net) that tend to dominate most of the top 10 sites.
This can easily be achieved using WebSpy’s software. Check out my video on how to remove clutter from your web reports.
3. No Customization
Customization of each overview in the TMG report is limited to the number of items to show (e.g. top 5 or top 50 users), and the sort order (Incoming Bytes, Outgoing Bytes, Requests and Total Bytes).
What about the time a user spent browsing the web, or the number of users that visited a specific site? There is no way to add custom columns such as total browsing time, average session time, or number of users/sites/IPs to the report tables.
Or say you simply want to change your top users chart from a bar chart to a pie chart to easily see the percentage used. Nope, sorry!
If you do make one of the two available customizations in a TMG report, you then get the annoying Apply / Discard message to save changes to the configuration database.
All of these customizations can be achieved using WebSpy Vantage, and it doesn’t touch your TMG server to apply a change to a report.
4. Limited Report Distribution
When you generate a report, you get the option to email it to a specific email address. What if you would like to create a report for every department, and then email it to the managers of each department? Or better yet, host the report on a secure web server where department managers can log in and view their reports?
WebSpy Vantage Ultimate comes with a secure ‘Web Module’ specifically for this purpose and managers still receive a link to the report via email.
5. Cluttered ‘Top Sites’ List
The ‘Top sites’ list can become particularly cluttered due to the inclusion of sub-domains. I don’t want to mentally add up the size values from farm1.static.flickr.com, farm2.static.flickr.com, and farm3.static.flickr.com – I just want to know how much was downloaded from flickr.com.
This is compounded by the inability to exclude sites that are merely placing advertising banners on the actual sites users are visiting (as mentioned in the ‘No Filtering’ limitation above).
WebSpy Vantage breaks URLs down into separate components and lets you analyze each part separately. Look at the Site Domains summary to remove sub-domains and see only flickr.com. Or perhaps you want to see the keywords a user entered into search engines like Google? Or perhaps the top pages accessed within a website? No problem. Just include the Site Keywords or Site Resource summaries in your Vantage reports.
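The sub-domain roll-up, ad-server and anonymous-traffic filtering, and per-site user drilldown described in limitations 1, 2 and 5 can be sketched over exported proxy log rows. This is an added example, not WebSpy's or Microsoft's code; the row layout, the anonymous-user markers and the short suffix list (a stand-in for the full Public Suffix List) are assumptions.

```python
from collections import defaultdict

# Constructed sample rows (user, requested host, bytes received); not real TMG log output.
SAMPLE_ROWS = [
    ("CORP\\alice", "farm1.static.flickr.com", 1200),
    ("CORP\\alice", "farm2.static.flickr.com", 800),
    ("CORP\\bob", "farm3.static.flickr.com", 500),
    ("CORP\\bob", "ad.doubleclick.net", 9000),
    ("anonymous", "www.youtube.com", 4000),
    ("CORP\\bob", "www.youtube.com", 3000),
    ("CORP\\alice", "s0.2mdn.net", 7000),
    ("CORP\\alice", "news.bbc.co.uk", 600),
    ("CORP\\bob", "192.0.2.10", 50),
]

# Assumption: tiny stand-in for the Public Suffix List, enough for the sample.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}
AD_DOMAINS = {"doubleclick.net", "2mdn.net"}   # ad servers named in the article
ANONYMOUS_USERS = {"anonymous", "-", ""}       # assumed markers for unauthenticated rows


def site_domain(host):
    """Collapse a host name to its site domain (suffix plus one label)."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    if all(label.isdigit() for label in labels):   # IPv4 literal: leave as-is
        return host
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def top_sites(rows, exclude_ads=True, exclude_anonymous=True):
    """Return [(site_domain, total_bytes)] sorted by bytes, largest first."""
    totals = defaultdict(int)
    for user, host, nbytes in rows:
        if exclude_anonymous and user.lower() in ANONYMOUS_USERS:
            continue
        domain = site_domain(host)
        if exclude_ads and domain in AD_DOMAINS:
            continue
        totals[domain] += nbytes
    return sorted(totals.items(), key=lambda item: (-item[1], item[0]))


def users_for_site(rows, domain):
    """Drilldown: bytes per user for one site domain."""
    per_user = defaultdict(int)
    for user, host, nbytes in rows:
        if site_domain(host) == domain:
            per_user[user] += nbytes
    return dict(per_user)
```

Taking only the last two labels would report news.bbc.co.uk as co.uk, which is why the suffix check is there; a production version would load the full Public Suffix List instead of the two-entry set.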
6. No Grouping or Aliasing
There is no way to group users into departments or locations, or IP addresses into subnets, or extensions such as .html, .pdf or .exe into file types. The ability to group and represent raw log data in more meaningful ways, as offered by WebSpy Vantage, can increase the value of a report tremendously.
7. No Productivity Assessment
One of the major features introduced in TMG since ISA Server 2006 is the included URL categorization technology.
Although the TMG report gives you an overview of the categories that have been visited, the report does not use this information to display a productivity assessment for your users.
WebSpy Vantage not only provides this assessment, but also the ability to customize the categories that are deemed productive as this can vary wildly depending on the industry and organization.
8. Not Browser Independent
This is a minor limitation that can be a major annoyance. The report that TMG produces is an HTML report that only displays correctly in Internet Explorer. As Forefront TMG is a Microsoft product, this is not exactly surprising, but still very annoying if IE is not your default browser.
How to get awesome reports from Forefront TMG
If you have had personal experience with any of the above limitations, you’ve probably been hunting for an alternative solution. I strongly recommend checking out the WebSpy Vantage range of products, and if you would like secure report distribution via the ‘Web Module’, Vantage Ultimate is what you are after.
If you agree or disagree with anything in this article, I encourage you to leave your thoughts in the comments.