This topic describes how you can log Forefront Unified Access Gateway (UAG) events to a variety of formats, including the in-built Forefront UAG logger, a RADIUS accounting server, a Syslog server, and an SMTP mail server.
After enabling SMTP logging, by default, the mail server does not send any messages to the e-mail recipients, to ensure that recipients are not flooded with all event logging messages. This topic also describes how you can specify which event messages should be sent to e-mail recipients during SMTP logging.
The following procedures describe:
Selecting an event logging
format
To select an event logging format
-
In the Forefront UAG Management console, on the Admin menu, click Event Logs Settings.
-
On the Event Logging dialog box, select the tab that corresponds to the required logging format:
- Built-In ─On the Built-In tab,
click Enable to log events to the native Forefront UAG
format. In Location, specify where log files generated by
the built-in reporter should be stored. It is recommended that the
log files are stored on the local Forefront UAG server.
Note:The Forefront UAG built-in reporter is enabled by default to allow you to save events to a log file. You can then use the Web Monitor to query this event log, and to filter events according to type, time, and other parameters. A new event log file is saved every day. By default, log files are saved to the Events folder under Logs folder in the Forefront UAG installation folder. Note that the Web Monitor can be used only if the built-in reporter is enabled. - RADIUS─On the RADIUS tab, click
Enable to log to a RADIUS accounting server. In
IP/Host and Port, specify the address or host name,
and the port of the RADIUS accounting server. In Secret Key,
specify the password used to encrypt and decrypt the user password.
The secret key must match the key defined on the RADIUS server.
Note:You can log to a RADIUS accounting server running remotely, or to a RADIUS accounting server installed on the local Forefront UAG server. - Syslog─On the Syslog tab, click
Enable to log to an industry-standard Syslog server. In
IP/Host and Port, specify the address or host name,
and port of the Syslog server.
- Mail─On the Mail tab, click
Enable to log to a mail server. In IP/Host and
Port, specify the address or host name, and port of the SMTP
server. In From, specify the e-mail address that appears in
the "From" field of the e-mail. In To, specify the e-mail
address to which event logging e-mail messages should be sent. In
Subject, specify the text that appears in the e-mail
“Subject” field. In User, specify the user name required to
log on to the SMTP server, and in Password and Confirm
Password, specify the password required to log on to the SMTP
server. After enabling SMTP logging, you must specify which event
messages will be sent by e-mail, as described in the following
procedure Selecting event messages for SMTP
logging.
- Built-In ─On the Built-In tab,
click Enable to log events to the native Forefront UAG
format. In Location, specify where log files generated by
the built-in reporter should be stored. It is recommended that the
log files are stored on the local Forefront UAG server.
Selecting event messages for SMTP
logging
Use this procedure to specify which event messages should be sent to e-mail recipients during SMTP logging.
To select messages sent during SMTP logging
-
Create a custom message definitions file. If such a file already exists, use the existing file. Note that a working knowledge of XML is required before configuring this XML file.
-
For each message that you want to send to the SMTP server, under the <Reporters> element, add a new <Reporter> element with the value “mail”, as follows:
<Reporter>mail</Reporter>For example, to send an e-mail message each time the number of concurrent authenticated sessions that can be opened through a trunk is exceeded, in the message "Number of Max Concurrent Sessions Exceeded", add the Mail reporter, as follows (note that for clarity, some of the event parameters are not shown in the sample code):
Copy Code<Message> <Id>15</Id> <Severity>Warning</Severity> <Type>Session</Type> <Name>AuthenticatedMaxExceeded</Name> <Desc>Number of Max Concurrent Sessions Exceeded</Desc> <DynamicDesc>VGhlIG1heGltYWwgbnVtYmVyIG9</DynamicDesc> <Params> <Param> <Name>MaxValue</Name> </Param> </Params> <Reporters> <Reporter>mail</Reporter> <Reporter>syslog</Reporter> <Reporter>builtin-log</Reporter> </Reporters> </Message> <Message> <Id>15</Id> <Severity>Warning</Severity> <Type>Session</Type> <Name>AuthenticatedMaxExceeded</Name> <Desc>Number of Max Concurrent Sessions Exceeded</Desc> <DynamicDesc>VGhlIG1heGltYWwgbnVtYmVyIG9</DynamicDesc> <Params> <Param> <Name>MaxValue</Name> </Param> </Params> <Reporters> <Reporter>mail</Reporter> <Reporter>syslog</Reporter> <Reporter>builtin-log</Reporter> </Reporters> </Message>
-
When you have finished editing the file, open the Forefront UAG Management console. Click the Activate icon to activate the configuration, and then click Activate. After the configuration is activated, the specified messages are reported to the SMTP server, and sent to the specified recipients.