Use the BalaBit Syslog-ng Agent file source to define the base log directory and files
that are to be monitored by the Syslog-ng Agent.
Procedure
-
From the Start menu, select .
The Syslog-ng Agent window is displayed.
-
Expand the Syslog-ng Agent Settings pane, and select File
Sources.
-
Select the Enable radio button.
-
Click Add to add your Microsoft ISA and TMG event files.
-
From the Base Directory field, click Browse and select the folder for your Microsoft ISA or Microsoft TMG log files.
-
From the File Name Filter field, click Browse and select a log file that contains your Microsoft ISA or Microsoft TMG events.
Note: The File Name Filter field supports the wild card (*) and question mark
(?) characters, which help you to find log files that are replaced, when they reach a specific file
size or date.
-
In the Application Name field, type a name to identify the
application.
-
From the Log Facility list, select Use Global
Settings.
-
Click OK.
To add additional file sources, repeat steps 4 to 9.
-
Click Apply, and then click OK.
The event configuration is complete. You are now ready to configure a syslog destinations and formatting for your Microsoft TMG and ISA events.
Web Proxy Service events and Firewall Service events are stored in individual files by Microsoft ISA and TMG.