If you’re using Microsoft Forefront Threat Management Gateway, there is a bug in the logging that causes Bytes Sent and Bytes Received to be logged in reverse. This seems to only affect the Web Proxy logs – both SQL and W3c . We noticed in a few web reports, that people were generally uploading a [...]
One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports. So let’s [...]
I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through [...]
If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files. The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot [...]
We have just added support for the 'Group' field in IronPort's access logs. You can add this field to your logs by adding %g in the 'Custom Fields' edit box. We have also added support for the custom fields Body Request Size and Body Response Size.
I've been having a look through the reporting functionality included in Microsoft Forefront Threat Management Gateway to find that not much has changed from ISA Server 2006. There is some new information regarding the newly implemented URL categorization and threat management technology, but there is very little flexibility or customization for those with reporting requirements beyond general overviews cluttered with irrelevant information. Here is what I consider to be the 8 main limitations of Microsoft Forefront TMG's reporting functionality.
Most of our customers using Microsoft ISA server are probably aware by now that Microsoft have released the new version of ISA server, which is now re-branded as Microsoft Forefront Threat Management Gateway (TMG). In addition to this, Microsoft has also re-branded its Internet Access Gateway (IAG) to Unified Access Gateway (UAG). […]
Google Alerts have become an invaluable tool to keep track of WebSpy’s online presence and mentions. I’m also alerted on keywords related to other players in the Internet Security Industry. The last couple of weeks I have noticed quite a steep increase in alerts on a well-known internet blocking and filtering vendor. Majority of these [...]
Microsoft have announced the availability of Microsoft Forefront Threat Management Gateway (TMG) Release Candidate (RC). This is the final public release of TMG before it is made available to purchase. If you're considering upgrading your ISA Server to TMG, this means that you can start your deployment using the Release Candidate, and simply switch it to a licenced version with no additional configuration changes once the full release is available.
Here's a video I put together demonstrating how to get up and running with a complete monitoring and reporting solution in less than 15 minutes. The video demonstrates three products: WebSpy Sentinel, for complete data capture, WebSpy Live for real time alerts, and WebSpy Analyzer Standard for analysis and reporting.