
Microsoft TMG not Receiver Log

Hi community,

I need to set up the data source for Microsoft TMG, but the connection cannot be made via SQL, as the TMG is configured with the W3C format as the default log.

When setting the SIEM, the Log brings no, do not know if I configure CIFS, FTP or some other format in Data Retrieval.

How does McAfee collect information in a shared folder on a device?

Do I need to enable any feature in the data source?

Message was edited by: arfelix on 19/02/14 11:27:53 AM VET
3 Replies
lichnt
Message 2 of 4

Re: Microsoft TMG not Receiver Log

Can you configure logging on TMG?

First, configure logging on TMG as described at this link: http://tmgblog.richardhicks.com/2010/04/04/configuring-syslog-on-isa-and-tmg-with-splunk-log-managem...

Then share the log folder you configured in the first step.

In McAfee SIEM, configure CIFS as:

01.png

Re: Microsoft TMG not Receiver Log

Hi Lichnt,

I can't use Splunk Log Management,

I have created and configured the shared folder as CIFS, and have not received logs in ESM.

Imagen2.JPG

I configured Data Source TMG, IIS, but I can not receive log, that device(TMG) in that folder where you stored the log.

I used "SIEM Collector" and I cannot receive logs.

My question: how can I collect logs in W3C format or another format into the McAfee SIEM?

Thanks for your help!

lichnt
Message 4 of 4

Re: Microsoft TMG not Receiver Log

I see your data source configuration is not correct: you want to get logs from TMG, but you chose IIS. At vendor, you must choose "Internet Security and Acceleration (ASP)".

Also, on TMG, configure:

Configure Logging

To configure TMG for text file logging, open the management console and highlight Logs & Reports in the console tree, then select the Logging tab.

http://richardhicks.files.wordpress.com/2010/04/image001.png?w=595

To configure ISA for text file logging, open the management console and highlight Monitoring in the console tree, then select the Logging tab.

http://richardhicks.files.wordpress.com/2010/04/image003.png?w=595

For both ISA and TMG, click Configure Firewall Logging or Configure Web Proxy Logging in the Tasks pane.


http://richardhicks.files.wordpress.com/2010/04/image005.png?w=595

Select the File option and choose W3C Extended Log File Format. Do the same for Web Proxy Logging.


http://richardhicks.files.wordpress.com/2010/04/image007.png?w=595

In the Log File or Directory field, enter the location of the firewall logs. For TMG, the default log folder is C:\Program Files\Microsoft Forefront Threat Management Gateway\Logs. For ISA, the default log folder is C:\Program Files\Microsoft ISA Server\ISALogs. In the Log Name Format: field, enter *FWS*.w3c. Click Change Configuration when finished.

You share the log folder and type the data source at ESM.
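
A way to check, before pointing the ESM data source at the share, that the files in it match the `*FWS*.w3c` name format and parse as W3C extended logs. This is an added example, not part of the thread or of any McAfee or Microsoft tool; the sample log lines, the file names in the usage note and the tab delimiter are constructed assumptions.

```python
import fnmatch

# Constructed sample of a firewall log in W3C extended format (not real data).
# Assumption: fields are tab-separated, since names like "IP protocol" contain spaces.
SAMPLE = (
    "#Software: Microsoft Forefront Threat Management Gateway\n"
    "#Version: 2.0\n"
    "#Date: 2014-02-19 11:00:00\n"
    "#Fields: computer\tdate\ttime\tIP protocol\tsource\tdestination\taction\n"
    "TMG01\t2014-02-19\t11:00:01\tTCP\t10.0.0.5:51000\t192.0.2.10:443\tEstablish\n"
    "TMG01\t2014-02-19\t11:00:02\tUDP\t10.0.0.7:53000\t192.0.2.53:53\tDenied\n"
    "truncated line written mid-flush\n"
)


def is_firewall_log(filename, pattern="*FWS*.w3c"):
    """True if the file name matches the Log Name Format given in the thread."""
    return fnmatch.fnmatch(filename, pattern)


def parse_w3c(text):
    """Return (directives, records, rejected) for a W3C extended log."""
    directives, records, rejected = {}, [], []
    fields, sep = None, None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):
            name, _, value = line[1:].partition(":")
            name, value = name.strip(), value.strip()
            directives[name] = value
            if name == "Fields":
                # A later #Fields line redefines the columns for the rows after it.
                sep = "\t" if "\t" in value else None
                fields = [f.strip() for f in value.split(sep)]
            continue
        values = line.split(sep)
        if fields is None or len(values) != len(fields):
            # No #Fields header seen yet, or the column count does not match.
            rejected.append((lineno, line))
            continue
        records.append(dict(zip(fields, values)))
    return directives, records, rejected
```

Run over a file copied from the share, a non-empty `rejected` list or a missing `Fields` directive means the file is not in the format a W3C parser expects; `is_firewall_log("ISALOG_20140219_FWS_000.w3c")` is true and `is_firewall_log("ISALOG_20140219_WEB_000.w3c")` is false for these constructed names.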