Configuring the BalaBit Syslog-ng Agent file source

Use the BalaBit Syslog-ng Agent file source to define the base log directory and files that are to be monitored by the Syslog-ng Agent.

Procedure

  1. From the Start menu, select All Programs > syslog-ng Agent for Windows > Configure syslog-ng Agent for Windows.

    The Syslog-ng Agent window is displayed.

  2. Expand the Syslog-ng Agent Settings pane, and select File Sources.
  3. Select the Enable radio button.
  4. Click Add to add your Microsoft ISA and TMG event files.
  5. From the Base Directory field, click Browse and select the folder for your Microsoft ISA or Microsoft TMG log files.
  6. From the File Name Filter field, click Browse and select a log file that contains your Microsoft ISA or Microsoft TMG events.
    Note: The File Name Filter field supports the wild card (*) and question mark (?) characters, which help you to find log files that are replaced, when they reach a specific file size or date.
  7. In the Application Name field, type a name to identify the application.
  8. From the Log Facility list, select Use Global Settings.
  9. Click OK.

    To add additional file sources, repeat steps 4 to 9.

  10. Click Apply, and then click OK.

    The event configuration is complete. You are now ready to configure a syslog destinations and formatting for your Microsoft TMG and ISA events.

    Web Proxy Service events and Firewall Service events are stored in individual files by Microsoft ISA and TMG.