Why there is so much anonymous traffic in Microsoft TMG and ISA logs

One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports. So let’s …

Video: How to use WebSpy Vantage to report on IronPort log files

I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through …

Accessing Microsoft Forefront TMG’s Log Files (SQL Express)

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files. The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot …

Vantage Update 2.2.0.29 – New Fields for IronPort

We have just added support for the ‘Group’ field in IronPort’s access logs. You can add this field to your logs by adding %g in the ‘Custom Fields’ edit box. We have also added support for the custom fields Body Request Size and Body Response Size.

8 Reasons NOT to Use Microsoft Forefront TMG’s Reporting

I’ve been having a look through the reporting functionality included in Microsoft Forefront Threat Management Gateway to find that not much has changed from ISA Server 2006. There is some new information regarding the newly implemented URL categorization and threat management technology, but there is very little flexibility or customization for those with reporting requirements beyond general overviews cluttered with irrelevant information. Here is what I consider to be the 8 main limitations of Microsoft Forefront TMG’s reporting functionality.

Microsoft TMG and UAG Released! What is the difference?

Most of our customers using Microsoft ISA server are probably aware by now that Microsoft have released the new version of ISA server, which is now re-branded as Microsoft Forefront Threat Management Gateway (TMG). In addition to this, Microsoft has also re-branded its Internet Access Gateway (IAG) to Unified Access Gateway (UAG).

Another Reason Organizations Should Avoid Excessive Internet Blocking

Google Alerts have become an invaluable tool to keep track of WebSpy’s online presence and mentions. I’m also alerted on keywords related to other players in the Internet Security Industry. The last couple of weeks I have noticed quite a steep increase in alerts on a well-known internet blocking and filtering vendor. Majority of these …

Microsoft Forefront TMG Release Candidate now available

Microsoft have announced the availability of Microsoft Forefront Threat Management Gateway (TMG) Release Candidate (RC). This is the final public release of TMG before it is made available to purchase.

If you’re considering upgrading your ISA Server to TMG, this means that you can start your deployment using the Release Candidate, and simply switch it to a licenced version with no additional configuration changes once the full release is available.

Video: Setup a complete Internet monitoring solution in less than 15 minutes!

Here’s a video I put together demonstrating how to get up and running with a complete monitoring and reporting solution in less than 15 minutes. The video demonstrates three products: WebSpy Sentinel, for complete data capture, WebSpy Live for real time alerts, and WebSpy Analyzer Standard for analysis and reporting.

Convert Microsoft ISA 2006 MSDE logs to WebSpy compatible text logs

A few customers have experienced some issues converting their ISA MSDE logs to text format using Microsofts MSDEToText.vbs script for ISA 2006. We’ve therefore created a modified version of the script that creates compatible log files for WebSpy software.