Watch your TMG’s waist line. Switch log format and reduce fat now!

We often recommend customers using Microsoft ISA or TMG switch their logging to W3C text file, in order to get the best possible import speed, and also because the text logs are much easier to access from a remote machine (see my previous article on accessing TMG’s SQL Express Log database). Logging to the default …

Microsoft Forefront TMG logs size fields the wrong way around

If you’re using Microsoft Forefront Threat Management Gateway, there is a bug in the logging that causes Bytes Sent and Bytes Received to be logged in reverse. This seems to only affect the Web Proxy logs – both SQL and W3c . We noticed in a few web reports, that people were generally uploading a …

Why there is so much anonymous traffic in Microsoft TMG and ISA logs

One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports. So let’s …

Video: How to use WebSpy Vantage to report on IronPort log files

I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through …

Accessing Microsoft Forefront TMG’s Log Files (SQL Express)

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files. The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot …

Vantage Update 2.2.0.43

We’ve just released an auto update for WebSpy Vantage (Premium, Giga and Ultimate) as well as the Web Module. This is a great update for Vantage Ultimate users as we’ve introduced a new feature/tab into the Web Module called ‘Dynamic Reports’.

Here’s the full list of changes since the last auto update (2.2.0.32 on the 14th April 2010).

3 Simple Reasons Why Resellers Want WebSpy

To set things straight from the get-go, this is not a plug about our partner program, margin structure or reseller support. All the ingredients necessary to bake a successful partner cake are present (and being improved…get ready for some exciting partner announcement in the coming weeks). No, this is simply a very factual overview of …

Vantage Update 2.2.0.29 – New Fields for IronPort

We have just added support for the ‘Group’ field in IronPort’s access logs. You can add this field to your logs by adding %g in the ‘Custom Fields’ edit box. We have also added support for the custom fields Body Request Size and Body Response Size.