A SQL Server Express 2005 instance can only be accessed locally.
You can filter and view logs in real time (online) or for historical data (offline).
Consumes more disk resources than text file logging. SQL Server Express logging performs approximately two disk accesses for every megabit.
SQL
Logging to a remote SQL database provides the following features:
Because logging is to a remote server, sufficient network bandwidth is required, preferably 1 GB connectivity between Forefront TMG and computers running SQL Server to accommodate the capacity of the log traffic. Network connections must utilize Internet Protocol security (IPsec) to secure the log records sent to the remote SQL database.
With sufficient hardware, performance will be better than SQL Server Express logging.
No limit to log size. This is configured by the user, based on retention and maintenance policy.
The database administrator is responsible for log maintenance.
Account used for logging must have permissions on the computer running SQL Server.
Data is encrypted on the connection to the computer running SQL Server.
SQL Server and Forefront TMG are mutually authenticated.
You can filter and view logs in real time (online) or for historical data (offline).
Logging performance depends on:
Number of Forefront TMG computers logging.
SQL Server settings.
Bandwidth allocation.
On the Forefront TMG firewall, SQL logging consumes CPU resources somewhere between those used by SQL Server Express and file logging, and it uses almost no disk input/output (I/O).