Reporting tab

With Microsoft Forefront Threat Management Gateway reporting, you can create a permanent record of common usage patterns, and you can summarize and analyze log information. For example, you can determine:

• Who is accessing sites, and which sites are being accessed.
• Which protocols and applications are being used most often.
• General traffic patterns.
• Cache ratios.
• Security monitoring. For example, you can generate reports that track malicious attempts to access internal resources. Similarly, by tracking the number of connections to a published server, or the traffic to the server, you can identify an attempt at denial of service.

Forefront TMG reports are based on log summaries derived from the Web Proxy and Firewall logs. The Dailysum.exe program, installed with Forefront TMG, is responsible for summarizing the log data. By default, Dailysum.exe runs as follows:

• Daily. Dailysum.exe runs each day at 00:30 (12:30 A.M.).
• Monthly. At the beginning of each month, Dailysum.exe creates a monthly summary that summarizes all the past month's daily summaries. At least 35 daily summaries are saved, and at least 13 monthly summaries are saved.

Dailysum.exe runs even if no reports are configured to run. You can disable this default setting. You can also specify when Dailysum.exe runs. Two log summaries are saved: one with a daily summary and one with a monthly summary. Summaries are saved in database files (.ils files), by default in the ISASummaries folder, in the Forefront TMG installation folder. When a report is created, all relevant summary databases are combined into a single report database, and the report is created.