
What Log Fields Does TMG Reporter Use?

Last Updated: Aug 16, 2013 05:03PM PDT
Here is the list of fields that TMG Reporter uses when querying Forefront TMG's logs.

Web Proxy Fields
[ClientIP], [DestHostIP], [logTime], [GmtLogTime], [ClientUserName], [ClientAgent], [ClientAgent], [processingtime], [SrcPort], [DestHostPort], [bytesrecvd], [bytessent], [protocol], [uri], [rule], [SrcNetwork], [DstNetwork], [Action], [ipsScanResult], [ipsSignature], [ThreatName], [MalwareInspectionAction], [MalwareInspectionResult], [UrlCategory], [UrlDestHost], [resultcode], [servername]

Firewall Fields 
[logTime], [GmtLogTime], [protocol], [SourceIP], [DestinationIP], [SourceNetwork], [DestinationNetwork], [SourcePort], [DestinationPort], [Action], [rule], [bytessentDelta], [bytesrecvdDelta], [connectiontimeDelta], [DestinationName], [ClientUserName], [ClientAgent], [FwcAppProductName], [ipsScanResult], [ipsSignature], [resultcode], [servername]

If you want to reduce the amount of data that TMG logs, a good option might be to disable logging of system rules. Here's some info: Useful scripts to disable logging for system policy rules in Forefront TMG.

If you're logging to SQL, you can also save disk space by switching your logging to W3C text logs. Here's an article that details the disk savings of switching to text: Switching Forefront TMG's log format to W3C Text