Logging requests matching a rule
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
You can specify that logging should or should not occur for a specific rule. This can effectively reduce logging load, and it can be useful if a large amount of data is being logged from a specific protocol or source. For example, if you have a rule that denies DHCP requests and the log is filling up with many denied requests, you can disable logging for that rule.
Note
Access rules are created with logging enabled by default.
To configure logging for a specific rule
In the Forefront TMG Management console, in the tree, click the Firewall Policy node.
In the details pane, click the rule for which you want to enable logging.
On the Tasks tab, click Edit Selected Rule.
On the Action tab, do the following:
To log traffic handled by the rule, click Log requests matching this rule.
To specify that traffic handled by the rule should not be logged, clear Log requests matching this rule.
Note
If you disable logging on the default deny rule, Forefront TMG cannot detect port scan attacks.