This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Sending logs from Threat Management Gateway 2010 to LEM

I would like to send logs from TMG to LEM.  I have searched Thwack for posts on the subject and did not find any.  Has anyone been able to configure this and see the logs in LEM?  TMG plays an integral part on our security posture and we would like LEM to be able to see this logs.  I am sure the process will involve creating a rule in TMG to allow the logs to be forwarded to our LEM appliance, but before I invent the wheel I wanted to check if anyone in the community had done any work on this.  Thank you in advance.

  • FormerMember
    0 FormerMember

    We've had a couple of questions about TMG, but I don't think any have been on thwack. TMG is backed by the former ISA Server, which we do have a connector for (it's just marked ISA). What we've seen with TMG is that a lot of people are more likely to be logging it to a database than to files on disk, which we don't currently have a connector for, but if you configure TMG to log to files on disk, you should be able to deploy an agent to the TMG server, use the ISA 2006 connector(s - there's actually two, one for web proxy, one for firewall), and get your data coming in to LEM. The instructions for ISA are in the KB here: SolarWinds Knowledge Base :: Integrating your ISA server with SolarWinds LEM