3 Replies Latest reply on Feb 20, 2014 8:03 PM by lichnt

    Microsoft TMG not Receiver Log

    arfelix

      Hi community,

       

      I need to set up the data source for Microsoft TMG, but the connection cannot be made via SQL, because the TMG is configured with the W3C format as the default log.

       

      When I set up the SIEM, it brings in no logs. I do not know whether I should configure CIFS, FTP or some other format in Data Retrieval.

       

      How does McAfee collect information from a shared folder on a device?

       

      Do I need to enable any feature in the data source?

       

      Message was edited by: arfelix on 19/02/14 11:27:53 AM VET
        • 1. Re: Microsoft TMG not Receiver Log
          lichnt

          Can you configure logging on TMG?

          First, configure logging on TMG as described at this link: http://tmgblog.richardhicks.com/2010/04/04/configuring-syslog-on-isa-and-tmg-with-splunk-log-management/

          Then share the log folder you configured in the first step.

          In McAfee SIEM, configure CIFS as follows:

           

          01.png

          • 2. Re: Microsoft TMG not Receiver Log
            arfelix

            Hi Lichnt,

             

            I can't use Splunk Log Management.

             

            I have created and configured the shared folder for CIFS, and have not received logs in ESM.

             

            Imagen2.JPG

            I configured the data source as TMG, IIS, but I cannot receive logs from that device (TMG) in that folder where the logs are stored.

              

            I used "SIEM Collector" and I cannot receive logs.

            My question: how can I collect logs in W3C format or another format into the McAfee SIEM?

             

            Thanks for your help!

             

            • 3. Re: Microsoft TMG not Receiver Log
              lichnt

              I see your data source configuration is not correct: you want to get logs from TMG, but you chose IIS. You must choose "Internet Security and Acceleration (ASP)" under the vendor.

              Also, on TMG, configure the following:

              Configure Logging

              To configure TMG for text file logging, open the management console and highlight Logs & Reports in the console tree, then select the Logging tab.

              http://richardhicks.files.wordpress.com/2010/04/image001.png?w=595

              To configure ISA for text file logging, open the management console and highlight Monitoring in the console tree, then select the Logging tab.

              http://richardhicks.files.wordpress.com/2010/04/image003.png?w=595

               

              For both ISA and TMG, click Configure Firewall Logging or Configure Web Proxy Logging in the Tasks pane.


              http://richardhicks.files.wordpress.com/2010/04/image005.png?w=595

              Select the File option and choose W3C Extended Log File Format. Do the same for Web Proxy Logging.

               


              http://richardhicks.files.wordpress.com/2010/04/image007.png?w=595

               

              In the Log File or Directory field, enter the location of the firewall logs. For TMG, the default log folder is C:\Program Files\Microsoft Forefront Threat Management Gateway\Logs. For ISA, the default log folder is C:\Program Files\Microsoft ISA Server\ISALogs. In the Log Name Format: field, enter *FWS*.w3c. Click Change Configuration when finished.

               

              Then share the log folder and enter the data source in ESM.
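
Before pointing the ESM data source at the share, it helps to confirm that the files in it really are well-formed W3C extended logs. The checker below is an added example, not part of the original thread and not McAfee or Microsoft code. The function name `parse_w3c`, the tab delimiter and the sample log are assumptions made for illustration; the sample is constructed, not taken from a real TMG log.

```python
# Constructed sample of a W3C extended log. The field names and the tab
# delimiter are assumptions for this example, not copied from a TMG log.
SAMPLE = (
    "#Software: Example Firewall\n"
    "#Version: 1.0\n"
    "#Date: 2014-02-19 10:00:00\n"
    "#Fields: date\ttime\tsource\tdestination\taction\n"
    "2014-02-19\t10:00:01\t10.0.0.5:51000\t192.0.2.10:443\tEstablish\n"
    "2014-02-19\t10:00:02\t10.0.0.6:51001\t-\tDenied\n"
    "#Fields: date\ttime\taction\n"          # directives may redefine the columns
    "2014-02-19\t10:00:03\tTerminate\n"
    "2014-02-19\t10:00:04\n"                 # malformed: too few columns
)


def parse_w3c(lines, delimiter="\t"):
    """Parse W3C extended log lines; return (records, errors).

    records: one dict per data line, keyed by the active #Fields names,
             with the W3C empty marker "-" mapped to None.
    errors:  (line_number, reason) for lines a collector would likely reject.
    """
    fields, records, errors = None, [], []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#"):
            # Directive line: only #Fields changes how data lines are read.
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = [f.strip() for f in value.strip().split(delimiter)]
            continue
        if fields is None:
            errors.append((lineno, "data before #Fields directive"))
            continue
        values = line.split(delimiter)
        if len(values) != len(fields):
            errors.append(
                (lineno, f"expected {len(fields)} columns, got {len(values)}"))
            continue
        records.append(
            {k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records, errors


if __name__ == "__main__":
    recs, errs = parse_w3c(SAMPLE.splitlines())
    print(f"{len(recs)} records parsed, {len(errs)} rejected: {errs}")
```

To check a real file, pass the opened log file to `parse_w3c` in place of the sample lines; a file with no `#Fields` header, or rows that do not match it, shows up in the error list.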