This topic describes how you can log Forefront Unified Access Gateway (UAG) events to a variety of formats, including the in-built Forefront UAG logger, a RADIUS accounting server, a Syslog server, and an SMTP mail server.

After enabling SMTP logging, by default, the mail server does not send any messages to the e-mail recipients, to ensure that recipients are not flooded with all event logging messages. This topic also describes how you can specify which event messages should be sent to e-mail recipients during SMTP logging.

The following procedures describe:

Selecting an event logging format

To select an event logging format

  1. In the Forefront UAG Management console, on the Admin menu, click Event Logs Settings.

  2. On the Event Logging dialog box, select the tab that corresponds to the required logging format:

    • Built-In ─On the Built-In tab, click Enable to log events to the native Forefront UAG format. In Location, specify where log files generated by the built-in reporter should be stored. It is recommended that the log files are stored on the local Forefront UAG server.

      Note:
      The Forefront UAG built-in reporter is enabled by default to allow you to save events to a log file. You can then use the Web Monitor to query this event log, and to filter events according to type, time, and other parameters. A new event log file is saved every day. By default, log files are saved to the Events folder under Logs folder in the Forefront UAG installation folder. Note that the Web Monitor can be used only if the built-in reporter is enabled.
    • RADIUS─On the RADIUS tab, click Enable to log to a RADIUS accounting server. In IP/Host and Port, specify the address or host name, and the port of the RADIUS accounting server. In Secret Key, specify the password used to encrypt and decrypt the user password. The secret key must match the key defined on the RADIUS server.

      Note:
      You can log to a RADIUS accounting server running remotely, or to a RADIUS accounting server installed on the local Forefront UAG server.
    • Syslog─On the Syslog tab, click Enable to log to an industry-standard Syslog server. In IP/Host and Port, specify the address or host name, and port of the Syslog server.

    • Mail─On the Mail tab, click Enable to log to a mail server. In IP/Host and Port, specify the address or host name, and port of the SMTP server. In From, specify the e-mail address that appears in the "From" field of the e-mail. In To, specify the e-mail address to which event logging e-mail messages should be sent. In Subject, specify the text that appears in the e-mail “Subject” field. In User, specify the user name required to log on to the SMTP server, and in Password and Confirm Password, specify the password required to log on to the SMTP server. After enabling SMTP logging, you must specify which event messages will be sent by e-mail, as described in the following procedure Selecting event messages for SMTP logging.

Selecting event messages for SMTP logging

Use this procedure to specify which event messages should be sent to e-mail recipients during SMTP logging.

To select messages sent during SMTP logging

  1. Create a custom message definitions file. If such a file already exists, use the existing file. Note that a working knowledge of XML is required before configuring this XML file.

  2. For each message that you want to send to the SMTP server, under the <Reporters> element, add a new <Reporter> element with the value “mail”, as follows: <Reporter>mail</Reporter>

    For example, to send an e-mail message each time the number of concurrent authenticated sessions that can be opened through a trunk is exceeded, in the message "Number of Max Concurrent Sessions Exceeded", add the Mail reporter, as follows (note that for clarity, some of the event parameters are not shown in the sample code):

      Copy Code
    <Message> 
    <Id>15</Id> 
    <Severity>Warning</Severity> 
    <Type>Session</Type> 
    <Name>AuthenticatedMaxExceeded</Name> 
    <Desc>Number of Max Concurrent Sessions Exceeded</Desc> 
    <DynamicDesc>VGhlIG1heGltYWwgbnVtYmVyIG9</DynamicDesc> 
    <Params> 
    <Param> 
    <Name>MaxValue</Name> 
    </Param> 
    </Params> 
    <Reporters> 
    <Reporter>mail</Reporter> 
    <Reporter>syslog</Reporter> 
    <Reporter>builtin-log</Reporter> 
    </Reporters> 
    </Message> 
    <Message> 
    <Id>15</Id> 
    <Severity>Warning</Severity> 
    <Type>Session</Type> 
    <Name>AuthenticatedMaxExceeded</Name> 
    <Desc>Number of Max Concurrent Sessions Exceeded</Desc> 
    <DynamicDesc>VGhlIG1heGltYWwgbnVtYmVyIG9</DynamicDesc> 
    <Params> 
    <Param> 
    <Name>MaxValue</Name> 
    </Param> 
    </Params> 
    <Reporters> 
    <Reporter>mail</Reporter> 
    <Reporter>syslog</Reporter> 
    <Reporter>builtin-log</Reporter> 
    </Reporters> 
    </Message>
    
  3. When you have finished editing the file, open the Forefront UAG Management console. Click the Activate icon to activate the configuration, and then click Activate. After the configuration is activated, the specified messages are reported to the SMTP server, and sent to the specified recipients.