About admin

This author has not yet filled in any details.
So far admin has created 52 blog entries.
27 10, 2010

Watch your TMG's waist line. Switch log format and reduce fat now!

By | 2010-10-27T04:57:46+00:00 October 27th, 2010|Firewall Analysis, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, storages, System Administration, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|0 Comments

We often recommend customers using Microsoft ISA or TMG switch their logging to W3C text file, in order to get the best possible import speed, and also because the text logs are much easier to access from a remote machine (see my previous article on accessing TMG’s SQL Express Log database). Logging to the default [...]

12 10, 2010

Vantage Update 2.2.0.55 (Clearswift, Palo Alto Networks, WatchGuard and more)

By | 2010-10-12T07:25:56+00:00 October 12th, 2010|cisco, ClearSwift, Firewall Analysis, FlowMonitor, IronPort, Loaders, Log File Analysis, Microsoft ISA Server, Partners, Software Updates, Third Party, Uncategorized, Vantage, WebSpy News Update|0 Comments

We’ve just released an auto update for the Vantage software range. This release includes some new log format additions, and some fixes to existing formats. […]

23 08, 2010

Vantage Update 2.2.0.50 (Juniper SA, Forefront Protection and more)

By | 2010-08-23T05:43:03+00:00 August 23rd, 2010|Loaders, Microsoft Threat Management Gateway, Software Updates, Uncategorized, Vantage, WebSpy, WebSpy News Update|0 Comments

We have just released an auto update for the Vantage range of applications. This update includes support for the Juniper SA series and Microsoft Forefront Protection for Exchange 2010. Here’s the full list of changes: New: Juniper SA Series. Vantage can import and report on web traffic and VPN connections. New: Microsoft Forefront Protection for [...]

29 07, 2010

Vantage Update 2.2.0.48 – New Loaders, Features and Fixes

By | 2010-07-29T06:43:53+00:00 July 29th, 2010|IronPort, Loaders, Microsoft Threat Management Gateway, Reports, Software Updates, Uncategorized, Vantage, Web Module, WebSpy, WebSpy News Update|0 Comments

We’ve just released an update to the Vantage range of application, including the Web Module. This release will be welcomed with open arms by many customers for the following reasons: General usability improvements in the Web Module Multi-select / delete options, Ajax progress indicators to avoid page refreshes, export from Dynamics Report tab and more [...]

29 07, 2010

Microsoft Forefront TMG logs size fields the wrong way around

By | 2010-07-29T04:49:04+00:00 July 29th, 2010|Firewall Analysis, Log File Analysis, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|0 Comments

If you’re using Microsoft Forefront Threat Management Gateway, there is a bug in the logging that causes Bytes Sent and Bytes Received to be logged in reverse. This seems to only affect the Web Proxy logs – both SQL and W3c . We noticed in a few web reports, that people were generally uploading a [...]

19 07, 2010

Why there is so much anonymous traffic in Microsoft TMG and ISA logs

By | 2010-07-19T03:18:29+00:00 July 19th, 2010|Aliases, Firewall Analysis, How To, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|5 Comments

One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports. So let’s [...]

18 06, 2010

Video: How to use WebSpy Vantage to report on IronPort log files

By | 2010-06-18T02:01:16+00:00 June 18th, 2010|Aliases, Firewall Analysis, How To, IronPort, Log File Analysis, Reports, Scheduled Tasks, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, Web Module, WebSpy|0 Comments

I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through [...]

11 06, 2010

Accessing Microsoft Forefront TMG's Log Files (SQL Express)

By | 2010-06-11T06:54:59+00:00 June 11th, 2010|Firewall Analysis, How To, Loaders, Log File Analysis, Microsoft Threat Management Gateway, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|1 Comment

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files. The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot [...]