The changes in SP1 is definitely something I’ve been meaning to write about. I haven’t had a chance to play with the user activity reporting included in SP1, but from what I understand, you need to enter the user you want to report on in the form of domain\username. The advantages of our software that I mention above still apply here, as you can simply get overviews on your ‘top n’ users, without the need of entering their logged usernames. You can also run individual user reports in our software simply select the users you want to report on (displayed as FirstName LastName) rather than typing the full logged username including the ‘domain\’ prefix.

This topic deserves its own blog article with a more in depth look at the features in SP1. I’ll hopefully get to this very soon. Thanks for reminder!

http://blogs.technet.com/b/forefront/archive/2010/06/07/available-now-forefront-threat-management-gateway-2010-service-pack-1.aspx

We recommend using WebSpy Vantage to report on your Micorosft TMG log files. For more details on how to do this, see:
http://www.webspy.com/vendors/microsoft-ftmg/howto.aspx

Cheers!
Scott.

Thanks for your comment, and I apologise it has taken me so long to respond. Yes, you’re absolutely correct in that TMG logs to SQL Server 2008, and like any database, this can be queried for relevant information as long as you have the tools and expertise (and time!) required to do so. You noted that you opened a support ticket with Microsoft and they pulled the required information for you which is a great testament to Microsoft’s support services.

Unfortunately, this method of obtaining reports is unacceptable for many of our customers as they may not have a similar support agreement and/or do not want to rely on Microsoft each time they need a report.

There is also much more that goes into our reporting solutions beyond the first step of simply querying the SQL databases.

Our customers want to have access to regular usage reports on a daily, weekly or monthly basis. They also want to distribute those reports automatically to the correct people such as department managers or network administrators. Those reports should only contain information relevant to the person receiving the report. For example, department managers receive reports containing the people in their department, or network administrators receive a traffic report for the subnets they are responsible for.

Our software also pulls information from Active Directory (or any LDAP server) to learn about the structure of your organization and the people within it. This information is used to improve the information in reports (for example, instead of displaying WEBSPY01\scottg, the report would simple say Scott Glew, or perhaps Development Department), and filter and distribute reports appropriately.

All this is wrapped in a nice user interface to make it easy for administrators to customize and configure the complete reporting process.

Combine all this with the ability to report on any device (not just Microsoft TMG), masking usernames from certain reports to protect privacy, customizable keyword based categorization of URLs, IP DNS resolution, subnet grouping, file type grouping based on extensions, and… well you get the idea.

Cheers!
Scott

In TMG they are using SQL Server 2008 and we need to create custom queries to pull information from SQL database. Its customizable and very informative.

It will be great if you will add this to your blog .

Thanks,
Bandhar