TMG Logs collection method - Issue!
I'm facing an issue in collecting TMG logs from the TMG server, as in our environment they are not ready to enable the TMG logs as per below:
1) Export it to a shared location in .w3c format
2) Store in a SQL database (as I can use the Flex DB connector for this DB scenario).
All logs are stored internally in its own!
So, is there any other way to collect TMG logs which are located inside the TMG server?
The one other option I thought of was that TMG might be able to write its logs to the Windows Event Log, and then you could use one of the Windows Connectors to retrieve those. Seems like something similar to what was done here ->
Unfortunately, according to this TechNet article -> Configuring Forefront TMG logs, it doesn't seem to clearly state that logging to the Event Log is an option:
Forefront TMG provides a number of logging formats, including logging to a text file, a local SQL Server Express database, and a remote SQL Server computer. Because Forefront TMG is deployed to help secure your network, it is critical that logging information is always available and accurate. You should carefully monitor alerts and verify that their activity is always being logged. Forefront TMG provides a log queue feature to help ensure log availability during peak logging.
Your best bet might be to ask your TMG admin how he does logging today, and see what he says. When he realizes that options are limited, he might enable access via one of the methods you stated. If not, then maybe he knows of some special trick to get the thing to send CEF formatted syslog (don't we wish).
This sounds a lot like the situation for which I wrote this guide - TMG natively stores its logs via a SQL Express instance installed alongside TMG. Feel free to check out the guide, although I don't have access to TMG Forefront anymore so I don't know if I'll be much help for troubleshooting.