Microsoft Forefront TMG 2010 (Epilog) Integration via Syslog

Follow the steps below to send logs from the Microsoft Forefront TMG 2010 application to Logsign.

1- Let's open the Forefront TMG 2010 application.

2- Let's open the menu named Logs & Reports. In the section called Configure Logging on the right, we can make our settings for our Firewall and Web Proxy logs.


3- First, let's open the Configure Firewall Logging settings.


4- Let's choose File as the location where Forefront TMG 2010 log files will be saved, and Forefront TMG file format as the log format.

5- Next, let's press the Select All button in the Fields menu so that all fields are recorded in the log.

6- Let's repeat the steps we performed for the Firewall logs for the Proxy logs by opening the Web Proxy Log settings.

7- If we do not make any changes in the log directory, our Firewall and Web Proxy logs will be saved in the Microsoft Forefront Threat Management Gateway\Logs directory by default.

Note: Snare Agent Epilog for Windows software must be installed on the server.

http://downloads.sourceforge.net/project/snare/Epilog%20for%20Windows/1.6.0/EpilogSetup-1.6.0-MultiArch.exe?r=&ts=1394884281&use_mirror=kent

8- Open Epilog for Windows and select Network Configuration from the left menu. Fill in the fields on the right as follows.

- The Logsign IP should be entered in Destination Snare Server Address.

To save the changes, press the Change Configuration button.


9- After the network settings for sending are complete, select the files and directories to be sent. To do this, open Log Configuration from the menu on the left. Pressing the Add button on the right opens a new window.

10- Select Custom Event Log in the window on the right, enter the specified folder and file information, and complete the process by pressing the Change Configuration button.

11- We perform this operation for our logs named Firewall and Web Proxy.

After these steps, add the source in Logsign to view logs from the Forefront TMG device.

Open the Logsign Unified SecOps Platform web interface, click the Settings tab in the menu bar at the top of the page, and then click the "+ Device" button under the Data Collection tab. On the Source Type Selection page, choose Syslog as the method. Then select Microsoft as the Vendor, define the product as TMG, and add the remaining information.
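If no TMG events appear after the steps above, the following added example (not part of the original article or of Logsign or Snare tooling) is a throwaway listener for a test host that is temporarily entered as the destination in step 8, to confirm the Epilog agent is actually sending and that datagrams come only from the TMG server. UDP transport, port 514 and the address `192.0.2.20` are assumptions, since the article states neither the transport nor a port.

```python
import re
import socket
from collections import Counter

# RFC 3164 priority prefix; the agent may or may not send one (assumption).
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity) from a leading <PRI>, or None if absent or invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # valid PRI values are 0..191
        return None
    return divmod(int(m.group(1)), 8)

def listen(bind_ip, port):
    """Bind a UDP socket on the test host that stands in for the log collector."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((bind_ip, port))
    return s

def collect(sock, expected_sender, max_datagrams, timeout=5.0):
    """Read up to max_datagrams and summarise who sent them.

    per_sender: datagram count per source IP
    unexpected: counts for sources other than the TMG server
    no_pri:     datagrams without a valid syslog priority header
    """
    sock.settimeout(timeout)
    per_sender, unexpected, no_pri = Counter(), Counter(), 0
    for _ in range(max_datagrams):
        try:
            data, (ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            break  # nothing more arrived within the window
        per_sender[ip] += 1
        if ip != expected_sender:
            unexpected[ip] += 1
        if parse_pri(data) is None:
            no_pri += 1
    return {"per_sender": dict(per_sender),
            "unexpected": dict(unexpected),
            "no_pri": no_pri}

if __name__ == "__main__":
    # Assumed values: UDP/514 and 192.0.2.20 as the TMG server (documentation range).
    print(collect(listen("0.0.0.0", 514), "192.0.2.20", max_datagrams=100, timeout=30))
```

An empty `per_sender` means nothing reached the host within the timeout, so the Epilog network settings and any filtering between the two machines are the first things to check.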
