TMG Back to Basics – Part 6: Reports

If you would like to read the other parts in this article series please go to:

Introduction

The TMG reporting feature is one of the more interesting and impressive features included with the TMG firewall, with which you can create interesting and informative reports without the need to learn any query language. While the TMG reports are somewhat limited in their configurability, you’ll find that these reports are likely to contain the information you need to make key decisions regarding TMG firewall policies and your users.

Let’s get started with reports. In the left pane of the TMG firewall console, click the Logs & Reports node and then click the Reports tab. After you click the Reports tab, click the Tasks Tab in the Task Pane. Here you’ll see the Tasks list that appears in Figure 1 below. Let’s start by examining what you can do after clicking the Configure Reporting Settings link.


Figure 1

In the Reporting Properties dialog box, the first tab is the Log Summary tab. All reports are based on the information contained in Log Summaries. The default setting is to Enable daily and monthly summaries option. Make sure this option is enabled if you want to generate daily and monthly summaries. Weekly reports are based on the daily summaries.

The Generation time is the time during which the summary is created. Because the creation process is processor intensive, it’s a good idea to set this so the summaries will be generated late at night (assuming that’s when the load on your server is lightest). In keeping with this, the default setting is 12:30 A.M. You can also configure the Number of saved daily summaries and Number of saved monthly summaries here, as shown in Figure 2. The number of summaries saved will determine how far into the future you can create various types of reports.


Figure 2

On the Report Server tab, which is shown below in Figure 3, you can configure which of the firewalls in a TMG firewall array is to be responsible for creating the reports. Only one machine in the array will create the report, so you should choose the machine that has the most CPU horsepower, since report generation is processor intensive.


Figure 3

Creating a Recurring Report

Now let’s take a look at how you go about creating a report. On the Tasks Tab in the Task Pane, click the Create a Recurring Report link. This brings up the Welcome to the Recurring Report Job Wizard page that’s shown in Figure 4. In the Report Job name text box on this page, enter a name for the report. Since we’ll be creating a weekly report here, we’ll  get really creative and name the report Weekly Report. Click Next.


Figure 4

On the Recurring Report Job Scheduling page that’s shown in Figure 5, you specify how often and on what day of the week or month the report job is to run. You have three options:

  • Daily
  • Weekly, on this day every week
  • Monthly, on this day every month

Notice that the weekly and monthly options give you a choice of the day or date for report generation. In this example, we’re creating a weekly report, so we’ll select that option and then choose Monday as the day to generate the report each week. Click Next.


Figure 5

On the Report Content page that’s shown in Figure 6, you select which types of content you want to appear in the report. By default, all of the listed categories of content are included. These include the summary, web usage, application usage, traffic and utilization, security, malware protection, URL filtering and Network Inspection System (NIS). For each of the content categories, you can edit the details that will be included in that category by clicking the Edit Report Details button.


Figure 6

When you click on the Edit Report Details button, you’ll see the Report Details dialog box for that section, as shown in Figure 7. In the Subcategory section, you can click the down arrow to configure a subsection. Then in the Report details for this subcategory section, you can configure the Parameter Value.


Figure 7

Figure 8 below shows the configuration option for another subcategory.


Figure 8

Next, on the Send E-mail Notification page that’s shown in Figure 9, you enter the details required for the system to notify you by email that a report is available. These details include:

  • SMTP server – the name or address of an SMTP server that can send email to the people to whom you want notifications sent.  Make sure there is a firewall rule on the TMG firewall that allows outbound SMTP to the location of the SMTP server.
  • From – the email address you want to assign to the TMG firewall.
  • To – the email address(es) to which you want the notification to be sent.
  • Cc – the email address(es) of anyone you want cc:’d on the notification.
  • Message – a message to be included in the email notification.

An example of how you would configure this is in the figure.


Figure 9

On the Report Publishing page, shown in Figure 10, put a checkmark in the Publish reports to a directory checkbox. In the Published reports directory text box, enter the local or remote location where you want to store the reports. If you store the reports on a file server, then click the Set Account button to enter the user name and password of the user account who has permissions to post to the file server’s directory where the reports are stored.

Note that you don’t have to do this if you are storing the reports on the TMG firewall, but if you want to see the reports that are stored on the TMG firewall, you will need to access them at the firewall itself and not through an SMB connection to the firewall from some other computer on the network.


Figure 10

Review the settings on the Completing the Recurring Report Job Wizard page, as shown in Figure 11,  and click Finish.


Figure 11

Click the Apply button, shown in Figure 12, to save the changes.


Figure 12

User Activity Reports

Now let’s see how to create a User Activity Report. This is a new feature included with the TMG firewall that wasn’t available with the ISA firewall. Click the Generate User Activity Report link in the Tasks Tab in the Task Pane. This brings up the Welcome to the User Activity Report Job Wizard, which is shown in Figure 13. In the Report Name test box, enter a name for the report. In this example, we’ll name the report Tom Shinder’s laptop, so we can keep tabs on what Tom’s been up to. 🙂


Figure 13

On the Report Content page that’s shown in Figure 14, you’ll see that the only option is User Activity. Click Editor Report Details.


Figure 14

In the Report Details dialog box, which is shown in Figure 15, the only subcategory that’s listed is Web Sites, so you won’t be able to see any information about any other types of servers the user accessed. In the Report details for this subcategory section, you can edit the Parameter Value for the Report Period and Users. For users, you can use user names or IP addresses. User names only appear if you configured the client systems as Firewall or Web Proxy clients.


Figure 15

On the Send E-mail Notification page, which is shown in Figure 16, you enter the mail details in the same way as described earlier.


Figure 16

On the Report Publishing page, which is shown in Figure 17, you once again enter the details in the same way as described earlier.


Figure 17

Now review the settings on the Completing the User Activity Report Job Wizard page, shown in Figure 18, and click Finish.


Figure 18

Remember to click the Apply button, shown again in Figure 19, to save the changes to the firewall configuration.


Figure 19

Now right click the report name and click Generate and View Report, as shown in Figure 20. It will probably take a minute or so for the report to generate.


Figure 20

You can watch the gears turn, as seen in Figure 21, while you’re waiting!


Figure 21

After the report has been generated, it will be displayed automatically. Figure 22 below shows the results of this report. Not very interesting, is it? It seems that Tom’s activities are all business.


Figure 22

Viewing Reports

You can view reports after they’re created, by right clicking on the name of the report you want to see and then clicking View Published Reports, as shown in Figure 23.


Figure 23

This will open the folder where you are saving the reports, as you can see in Figure 24. Double click on the folder that contains the report you want to see.


Figure 24

In this example, find the file named Report in the folder that contains the report in which you’re interested and double click on it, as shown in Figure 25.


Figure 25

The report opens and shows a number of sections, as you can see in Figure 26.The figure shows the sections that are contained in the default report.


Figure 26

Figure 27 shows an example of one of the sections; in this case, it’s the Top Applications section, which shows which are the top used applications for connecting to the Internet. Note that the Firewall Client must be installed on the client computers in order to get this information about which applications are being used.


Figure 27

Figure 28 below shows an example of another section, which in this case is the Top URL Categories section.


Figure 28

Summary

In this “Basics” article for new TMG admins, we provided you with a high level overview of how to create reports on the TMG firewall. This included how to configure report settings, including log summaries, and how to create recurring and user reports. Then we finished up by looking at the categories of information contained in the default report and saw some examples of the details of report categories.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top