With Forefront TMG reporting, you can create a permanent record of common usage patterns, and you can summarize and analyze log information. For example, you can determine:
- Who is accessing sites, and which sites are
being accessed.
- Which protocols and applications are being
used most often.
- General traffic patterns.
- Cache ratio.
- Security monitoring. For example, you can
generate reports that track malicious attempts to access internal
resources. Similarly, by tracking the number of connections to a
published server or the traffic to the server, you might identify
an attempt at denial of service.
- Malware activity.
- URL filtering.
- Network inspection activity.
Report types and categories
There are two types of reports:
- One-time reports. These ad hoc reports
provide an immediate picture of the activity recorded by Forefront
TMG over any period you specify.
- Recurring report jobs. You can schedule
automated reports on a daily, weekly, or monthly basis. The time
periods available for these reports are more structured than those
of one-time reports; a report that is generated every day will show
a day's activity, and a report that is generated once a month will
show exactly a month's activity.
 Note: |
|---|
| Reports contain activity from the previous day and earlier. |
Forefront TMG provides predefined report categories and subcategories. These reports can be customized.
Reporting mechanism
Forefront TMG reports are based on log summaries derived from the Web Proxy and Firewall logs. Using SQL Server reporting services, Forefront TMG generates two types of log summaries, daily and monthly, which all reports are based on. Log summaries are generated at night (by default at 12:30am), however this time is configurable.
The following topics provide information that can help you configure reports: