Configuring Forefront TMG reports

Overview

With Forefront TMG reporting, you can create a permanent record of common usage patterns, and you can summarize and analyze log information. For example, you can determine:

  • Who is accessing sites, and which sites are being accessed.
  • Which protocols and applications are being used most often.
  • General traffic patterns.
  • Cache ratio.
  • Security monitoring. For example, you can generate reports that track malicious attempts to access internal resources. Similarly, by tracking the number of connections to a published server or the traffic to the server, you might identify an attempt at denial of service.
  • Malware activity.

Report types

There are two types of reports.

  • One-time reports. These ad hoc reports provide an immediate picture of the activity recorded by Forefront TMG over any period you specify.
  • Recurring report jobs. You can schedule automated reports on a daily, weekly, or monthly basis. The time periods available for these reports are more structured than those of one-time reports; a report that is generated every day will show a day's activity, and a report that is generated once a month will show exactly a month's activity.

Note

Reports contain activity from the previous day and earlier.

For instructions on generating either a one-time report or a recurring report job, see Creating recurring reports.

Report content types

Forefront TMG provides the following predefined report content types.

Summary. A Summary content report includes summarized information about network traffic usage, sorted by application. These reports are most relevant to the network administrator or the person managing or planning a company's Internet connectivity.

Web Usage. A Web Usage content report displays information about frequent Web users, common responses, and browsers. These reports show how the Web is being used in a company, and are most relevant to the network administrator or the person managing or planning a company's Internet connectivity.

Application Usage. An Application Usage content report illustrates Internet application usage information about top users, client applications, and destinations.

Traffic and Utilization. A Traffic and Utilization content report shows total Internet usage by application, protocol, and direction. These reports also show average traffic and peak simultaneous connections, cache hit ratio, errors, and other statistics.

Security. A Security content report lists attempts to breach network security.

Malware Inspection. A Malware Inspection content report shows the names of current threats, the users and Web sites that generate the largest number of malware incidents, statistics regarding the malware filter, and a daily summary of malware activity.

These report content types can be customized. For information, see Customizing reports.

Reporting mechanism

Forefront TMG reports are based on log summaries derived from the Web Proxy and Firewall logs. Using SQL Server Reporting Services, Forefront TMG generates two types of log summaries, daily and monthly, on which all reports are based. Log summaries are generated at night (by default at 12:30 A.M.); this time is configurable.
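The following sketch is an added illustration, not Forefront TMG code or its log schema. It models daily and monthly summaries built only from completed days, then applies the connection-count check mentioned under security monitoring to flag an unusual day for a published server. The server names, sample counts, date, and the 3x-median threshold are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta
from statistics import median

TODAY = date(2024, 3, 15)  # constructed "current" day, not yet summarized

# Constructed connections per day, oldest first, ending on TODAY.
# "mail01" and "web01" are hypothetical published servers.
SAMPLE = {"mail01": [40, 44, 38, 42, 400, 25], "web01": [90, 85, 95, 88, 92, 30]}

def build_records(sample=SAMPLE, today=TODAY):
    """Expand the counts into one (day, server) record per logged connection."""
    records = []
    for server, counts in sample.items():
        start = today - timedelta(days=len(counts) - 1)
        for offset, n in enumerate(counts):
            records += [(start + timedelta(days=offset), server)] * n
    return records

def daily_summaries(records, today=TODAY):
    """Count connections per (day, server); the unfinished current day is skipped."""
    return Counter((day, server) for day, server in records if day < today)

def monthly_summaries(daily):
    """Roll daily summaries up to (year, month, server) totals."""
    monthly = Counter()
    for (day, server), n in daily.items():
        monthly[(day.year, day.month, server)] += n
    return monthly

def connection_spikes(daily, factor=3):
    """Flag days whose count exceeds factor x the median of the server's other days."""
    per_server = defaultdict(dict)
    for (day, server), n in daily.items():
        per_server[server][day] = n
    flagged = []
    for server, days in sorted(per_server.items()):
        for day, n in sorted(days.items()):
            others = [v for d, v in days.items() if d != day]
            if others and n > factor * median(others):
                flagged.append((server, day, n))
    return flagged

if __name__ == "__main__":
    daily = daily_summaries(build_records())
    print(monthly_summaries(daily))
    for server, day, n in connection_spikes(daily):
        print(f"{day} {server}: {n} connections, review for possible denial of service")
```

Because the current day is excluded from the summaries, its 25 and 30 connections appear in no report until the next nightly run.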

Concepts

Creating recurring reports
Customizing reports
Viewing reports