Configuring the log location

Logs should always be stored in a safe location with tightly controlled access. By default, SQL Server Express logs and text file logs are stored in the ISALogs folder under the Microsoft Forefront Threat Management Gateway installation folder.

You can specify an alternative log file location, including an environment variable such as %logDirectory%.

• If you specify a relative directory, the log is saved in the ISALogs folder, under the Microsoft Forefront Threat Management Gateway installation folder.
• If you specify an absolute path, the actual log folder may be different on every server.
• If the specified folder does not exist, Forefront TMG will warn you that the specified location is not valid and will try to create the folder.

For any alternative logging folder, the Network Service account must have read permissions from the root partition and any parent folder for the folder. On the logging folder itself, the following permissions are required:

• Network Service: Full Control
• System: Full Control
• Administrators: Full Control

If you change the log folder location and do not set the correct permissions, event ID 11002: Microsoft Firewall service failed to start may be issued in Event Viewer.

Detaching SQL Server Express databases

If you need to copy or move SQL Server Express databases from one location to another, you must first detach the database from the current server. You should never detach a database that is currently in use. For instructions, see Managing SQL Server Express databases.