You can specify that logging should or should not occur for a specific rule. This can effectively reduce logging load, and it can be useful if a large amount of data is being logged from a specific protocol or source. For example, if you have a rule that denies DHCP requests and the log is filling up with many denied requests, you can disable logging for that rule.

Access rules are created with logging enabled by default.

To configure logging for a specific rule

  1. In the Forefront TMG Management console, in the tree, click the Firewall Policy node.

  2. In the details pane, click the rule for which you want to enable logging.

  3. On the Tasks tab, click Edit Selected Rule.

  4. On the Action tab, do the following:

    • To log traffic handled by the rule, click Log requests matching this rule.

    • To specify that traffic handled by the rule should not be logged, clear Log requests matching this rule.

    If you disable logging on the default deny rule, Forefront TMG cannot detect port scan attacks.

Related Topics

Copyright © 2009 by Microsoft Corporation. All rights reserved.