Configuring the BalaBit Syslog-ng Agent file source
Use the BalaBit Syslog-ng Agent file source to define the base log directory and files that are to be monitored by the Syslog-ng Agent.
From the Start menu, select .
The Syslog-ng Agent window is displayed.
- Expand the Syslog-ng Agent Settings pane, and select File Sources.
- Select the Enable radio button.
- Click Add to add your Microsoft ISA and TMG event files.
- From the Base Directory field, click Browse and select the folder for your Microsoft ISA or Microsoft TMG log files.
From the File Name Filter field, click Browse and select a log file that contains your Microsoft ISA or Microsoft TMG events.
Note: The File Name Filter field supports the wild card (*) and question mark (?) characters, which help you to find log files that are replaced, when they reach a specific file size or date.
- In the Application Name field, type a name to identify the application.
- From the Log Facility list, select Use Global Settings.
To add additional file sources, repeat steps 4 to 9.
Click Apply, and then click OK.
The event configuration is complete. You are now ready to configure a syslog destinations and formatting for your Microsoft TMG and ISA events.
Web Proxy Service events and Firewall Service events are stored in individual files by Microsoft ISA and TMG.