In the Forefront Unified Access Gateway (UAG) Web Monitor, you can query events that are recorded by the built-in Forefront UAG logging mechanism.

To query events

  1. In the Web Monitor, click Event Query.

  2. In the Trunks list, select the trunk for which you want to generate the query.

  3. Specify a period of time for the query. You can either select a predefined period, or define dates in Start date and End date.

  4. In Category, Severity, and Type, create a filter for the type of events that you want the query to display.

  5. Click Advanced Options to specify optional query parameters.

  6. In Session ID, specify the session ID if you want to run the query for a specific session.

  7. In Lead User, specify the user name if you want to run the query for a specific user. You can specify an asterisk wildcard (*) for a group of users. For example, to run a query for all users of a domain named "ActiveDirectory", specify ActiveDirectory\*.

  8. In Old Trunks, specify the name of a trunk that is no longer defined in the Forefront UAG Management console. To specify multiple old trunks, separate them with a comma. Specify an HTTPS trunk with "(S)"; for example: MyTrunk, MyTrunk2 (S). Select Include trunks selected in the "Trunks" list above to include trunks displayed in the Trunks list.

  9. Click Submit to start the query.

    Generating a query uses system resources, and might affect system performance. Depending on the size of the logs and specified parameters, running the query may take several minutes. It is recommended to refine the query as much as possible. In particular, generate a query only for the required date range. The maximum number of query results is specified in the event log settings.

  10. In the Event Reports windows, review the query results. For more information about warning and error messages, click the event ID.