The one other option I thought of was that TMG might be able to write its logs to the Windows Event Log, and then you could use one of the Windows Connectors to retrieve those. Seems like something similar to what was done here ->

Unfortunately, according to this TechNet article -> Configuring Forefront TMG logs, it doesn't seem to clearly state that logging to the Event Log is an option:

Forefront TMG provides a number of logging formats, including logging to a text file, a local SQL Server Express database, and a remote SQL Server computer. Because Forefront TMG is deployed to help secure your network, it is critical that logging information is always available and accurate. You should carefully monitor alerts and verify that their activity is always being logged. Forefront TMG provides a log queue feature to help ensure log availability during peak logging.

Your best bet might be to ask your TMG admin how he does logging today, and see what he says. When he realizes that options are limited, he might enable access via one of the methods you stated. If not, then maybe he knows of some special trick to get the thing to send CEF formatted syslog (don't we wish ).

Great !

As I checked with Admin.. Its storing the logs internally for its own reporting use....it seems,

Let me buzz him again n C

Cheers!!!

This sounds a lot like the situation for which I wrote this guide - TMG natively stores its logs via a SQL Express instance installed alongside TMG. Feel free to check out the guide, although I don't have access to TMG Forefront anymore so I don't know if I'll be much help for troubleshooting.