Logging requests matching a rule

  • Article

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

You can specify that logging should or should not occur for a specific rule. This can effectively reduce logging load, and it can be useful if a large amount of data is being logged from a specific protocol or source. For example, if you have a rule that denies DHCP requests and the log is filling up with many denied requests, you can disable logging for that rule.

Note

Access rules are created with logging enabled by default.

To configure logging for a specific rule

  1. In the Forefront TMG Management console, in the tree, click the Firewall Policy node.

  2. In the details pane, click the rule for which you want to enable logging.

  3. On the Tasks tab, click Edit Selected Rule.

  4. On the Action tab, do the following:

    • To log traffic handled by the rule, click Log requests matching this rule.

    • To specify that traffic handled by the rule should not be logged, clear Log requests matching this rule.

    Note

    If you disable logging on the default deny rule, Forefront TMG cannot detect port scan attacks.

Concepts

Configuring Forefront TMG logs