
Configuring diagnostic logging

Published: November 15, 2009

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

You can use diagnostic logging, as follows:

  • Enable diagnostic logging to capture information about all traffic packets processed. Information is captured until diagnostic logging is disabled or size limits are reached. You can configure log limit and timeout values, and you can delete events in the log.

  • To run diagnostic logging remotely, you must add the remote computer to the array-level system policy rule Allow remote management from selected computers using MMC; otherwise errors may appear.

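The following procedures describe how to enable or disable diagnostic logging, modify the diagnostic logging limits, delete events from the diagnostic log, and run diagnostic logging remotely.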

  1. In the Forefront TMG Management console, in the Troubleshooting node, click the Diagnostic Logging tab.

  2. On the Tasks tab, click Enable Diagnostic Logging to enable logging.

  3. After you click Enable Diagnostic Logging, click Disable Diagnostic Logging to disable logging.

    Note:
    Disable diagnostic logging when not required. If enabled for an extended period, Forefront TMG performance might be affected.

The following limits are imposed in diagnostic logging:

  • The default maximum number of entries for a query is 10,000.

  • There is a maximum timeout of 30 seconds for the query to be run. If the query did not complete before the timeout, an error is displayed. Before you rerun the query, modify the filter.

You can modify limits by using the registry, as described in the following procedure.

  1. Click Start, and then Run. In the Run dialog box, type regedit.

  2. Navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

  3. Right-click Microsoft, and then create the following key if it does not exist: RAT\Stingray\Debug\UI.

  4. To specify the maximum number of entries that the query should handle and the timeout value, do the following:

    1. Right-click UI, click New, and then click DWORD(32-bit).

    2. Create the following value: DIALOG_QUERY_MAX_RECORDS.

    3. In DIALOG_QUERY_MAX_RECORDS, specify a maximum value for the number of entries that can be handled by the query.

    4. Create the following value: DIAGLOG_DLVIEWER_TIMEOUT.

    5. In DIAGLOG_DLVIEWER_TIMEOUT, specify the query timeout value.

    Important:
    This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see Windows registry information for advanced users (http://go.microsoft.com/fwlink/?LinkId=179961) for a description of the Microsoft Windows registry.
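The registry procedure above can also be scripted so that the change is backed up first and is repeatable. The following PowerShell script is an added example, not part of the original Microsoft article; the key path and value names are spelled exactly as they appear on this page, the backup file path is a hypothetical default, and both values are required parameters because the page does not state the unit of the timeout value.

```powershell
# Added example (not from the original article): sets the diagnostic log viewer
# limits described in the procedure above. Run from an elevated PowerShell
# session on the Forefront TMG computer.
param(
    # Maximum number of entries the query should handle (page default: 10,000).
    [Parameter(Mandatory = $true)] [ValidateRange(1, [int]::MaxValue)] [int] $MaxRecords,
    # Query timeout value. Assumption: the unit is not stated on the page, so
    # confirm it before choosing a number.
    [Parameter(Mandatory = $true)] [ValidateRange(1, [int]::MaxValue)] [int] $Timeout,
    # Hypothetical location for the backup of the existing key.
    [string] $BackupPath = "$env:TEMP\tmg-diaglog-ui-backup.reg"
)

$ErrorActionPreference = 'Stop'

$subKey  = 'SOFTWARE\Microsoft\RAT\Stingray\Debug\UI'
$keyPath = "HKLM:\$subKey"

if (Test-Path $keyPath) {
    # The key already exists: export it before changing anything, so the
    # previous values can be restored by importing the .reg file.
    & reg.exe export "HKLM\$subKey" $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Registry backup failed (reg.exe exit code $LASTEXITCODE)."
    }
    Write-Output "Existing key exported to $BackupPath"
}
else {
    # Step 3 of the procedure: create the key if it does not exist.
    # -Force creates missing parent keys; it is only used here on a key that
    # is absent, so no existing values are discarded.
    New-Item -Path $keyPath -Force | Out-Null
}

# Step 4 of the procedure: create or update both DWORD (32-bit) values.
$values = @{
    'DIALOG_QUERY_MAX_RECORDS' = $MaxRecords
    'DIAGLOG_DLVIEWER_TIMEOUT' = $Timeout
}
foreach ($name in $values.Keys) {
    New-ItemProperty -Path $keyPath -Name $name -PropertyType DWord `
        -Value $values[$name] -Force | Out-Null
}

# Read the values back so the change can be confirmed and recorded.
Get-ItemProperty -Path $keyPath -Name @($values.Keys)
```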

Delete events from the diagnostic log as described in the following procedure.

  1. In the Forefront TMG Management console, in the Troubleshooting node, click the Diagnostic Logging tab.

  2. On the Tasks tab, click Delete Diagnostic Log. Events are deleted from the diagnostic log, and will no longer appear in the event viewer or the output pane.

To run diagnostic logging remotely, add the remote management computer to the required system policy rule in Forefront TMG, as described in the following procedure.

  1. In the Forefront TMG Management console, in the Firewall Policy node, double-click the system policy rule Allow remote management from selected computers using MMC.

  2. On the From tab, select Remote Managers Computers, and then click Edit.

  3. Verify that the name of the remote management computer is included in the computer set. If it is not included, add the remote management computer.

  4. Click OK.

© 2014 Microsoft