You can specify that logging should or should not occur for a specific rule. This can effectively reduce logging load, and it can be useful if a large amount of data is being logged from a specific protocol or source. For example, if you have a rule that denies DHCP requests and the log is filling up with many denied requests, you can disable logging for that rule.
|Access rules are created with logging enabled by default.|
To configure logging for a specific rule
In the Forefront TMG Management console, in the tree, click the Firewall Policy node.
In the details pane, click the rule for which you want to enable logging.
On the Tasks tab, click Edit Selected Rule.
On the Action tab, do the following:
- To log traffic handled by the rule, click
Log requests matching this rule.
- To specify that traffic handled by the rule
should not be logged, clear Log requests matching this
Note: If you disable logging on the default deny rule, Forefront TMG cannot detect port scan attacks.
- To log traffic handled by the rule, click Log requests matching this rule.
ConceptsConfiguring Forefront TMG logs
Copyright © 2009 by Microsoft Corporation. All rights reserved.