Tracking configuration changes

  • Article

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Configuration change tracking enables the registering of all configuration changes that are made either in Forefront TMG Management, or programmatically using scripts. You can use configuration change tracking as a support tool to determine the cause of an issue that results from a configuration change. By default, change tracking is disabled.

You can view the output of configuration change tracking in the Change Tracking tab of the Troubleshooting node, in the Forefront TMG Management console. In Forefront TMG Enterprise Edition, you can configure configuration change tracking at the enterprise level. When you enable configuration change tracking on the enterprise, tracking is enabled on all arrays in the enterprise. Enterprise settings override array-level settings.

When you apply changes at both the array and enterprise level, two entries appear in the output; one showing the configuration change at the enterprise level, and the other showing the change at the array level.

The following describes:

  • Viewing configuration change tracking output

  • Configuring the change tracking feature

  • Entering a change description

  • Filtering and searching configuration changes

Viewing configuration change tracking output

Each configuration change tracking output entry represents a single configuration change. Entries are sorted by date and time; the most recent first.

The following information is displayed in the results pane of the Change Tracking tab:

  • Time—The date and time of the configuration change.

  • User—The user name of the person who made the configuration change.

  • Change Summary—A system-generated description of the configuration change in Forefront TMG.

  • Description—The change description that the user entered for the configuration change.

  • Array-The name of the array in which the configuration change was made, or the name of the enterprise if the change was made on the enterprise level (Enterprise Edition only).

You can expand each entry to display more details..

Configuring the change tracking feature

You can configure the following for the change tracking feature:

  • Enable change tracking.

  • Specify a maximum number of entries in the change tracking log.

  • Require users who make configuration changes in the Forefront TMG Management to specify a description that appears in the configuration change tracking output.

To enable and configure change tracking

  1. In the Forefront TMG Management console, click the Troubleshooting node, and then click the Change Tracking tab.

  2. On the Tasks tab, click Configure Change Tracking.

  3. To enable change tracking, select Enable change tracking.

    Note

    To configure change tracking at the enterprise level, right-click the enterprise node, click Properties, and then click the Change Tracking tab from the Enterprise Properties dialog box.

  4. To disable the change description prompt, clear the Prompt for a change description when applying configuration changes check box. This option, which is selected by default, enables users to add an optional change description when making configuration changes in Forefront TMG Management.

  5. To specify a maximum number of entries for the change tracking log, in the Limit number of entries to box, enter the required number. It is recommended that you do not configure a limit of more than 10,000, as this may affect performance.

    Note

    When the maximum number of entries is reached, the earliest entries are overwritten.

  6. To view the entry in the configuration change tracking output, click Apply.

Entering a change description

If configuration change tracking is enabled, users who make configuration changes in Forefront TMG Management can enter an optional description for that change. This description appears in the configuration change tracking output.

To export the current configuration and a change description

  1. After you make configuration changes in Forefront TMG Management, when you click Apply, the Configuration Change Description prompt appears, enabling you to type a description of the change.

  2. Before applying the change and change description, you can create a backup of the existing configuration by exporting the configuration. To open the Export Wizard, click Export. For Enterprise Edition, export backs up the entire enterprise.

  3. Click Apply. The required configuration change is saved, and the description is applied to the change.

  4. When the Saving Configuration Changes status dialog box appears, click OK. The configuration changes are recorded to the change tracking output.

Filtering and searching configuration changes

Filter options are accessible at the top of the Change Tracking tab. You can filter the entries by user name and by content. You can also use the short key CTRL+F to search for entries.

To search for an entry

  1. In the User name contains box, enter the name of the user who performed the configuration change.

  2. In the Entry contains box, enter a keyword for the search.

    Note

    You can filter by one or both options.

  3. Click the Apply Filter button. The system executes a search; the results appear in the Troubleshooting node on the Change Tracking tab.

  4. To display more details, you can expand each entry in the output.

Concepts

Forefront TMG Troubleshooting