Support Center

Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Logon Attempts

Robert Eastman Apr 12, 2016 08:36AM PDT

Is TMG Reporter capable of reporting login failures for a specific site? They are logging in thru a TMG form into a different domain then our company domain. This is for external clients.

Up 0 rated Down
Fastvue Apr 12, 2016 08:56AM PDT FASTVUE Agent
Hey Bob,

Thanks for getting in touch about this.

It's certainly not TMG Reporter's primary use case, but you might like to try running an 'Activity Report' filtered by:
Action 'Equal to' Failed
Destination IP 'In subnet'

In the second filter, replace with the subnet that your web servers reside in.

This will give you a chronological list of all activity that meets those filters (Failed records destined for your internal subnet).

Instead of specifying the entire subnet, you could also use:
Destination IP 'Equal to', etc

Where the IPs specified are the list of web servers you're interested in reporting on.

I hope this helps! Let me know how you go.

Up 0 rated Down
Robert Eastman Apr 12, 2016 09:26AM PDT
Ok, So this is how I have it configured for the report:

Rule = Rule Name
Action = Faild

What I want is even if it is a REAL user that has an account on the system I also need an attempt to login to the TMG Form page and denied because there is no account, wrong password.

What I get on this report is a failed attempt to get a specific web page from what I can see.
Up 0 rated Down
Fastvue Apr 12, 2016 09:28AM PDT FASTVUE Agent
Hey Bob,

Try adding Action = Denied into the filter as well.

Rule = Rule Name
Action = Failed, Denied

I'm assuming 'Rule Name' is your web publishing rule for the site you're interested in analyzing?

Up 0 rated Down
Fastvue Apr 19, 2016 05:41PM PDT FASTVUE Agent
Hey Bob,

Just following up on this. Are you getting the report you need from Fastvue Reporter? Another tip would be to run a 'live query' in TMG's logging and reporting section, then produce the behaviour you're interested in (wrong password etc) and see what TMG logs in those events. There may be some specific field values such as the destination IP address, URL, result codes etc that you can hook into in your report filter.


Post Your Public Answer

Your name (required)
Your email address (required)
Answer (required)
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found