Forefront TMG SP1 includes some significant improvements to the reporting functionality:
- New look-and-feel for all existing reports – cleaner aesthetics that match other Forefront products.
- User Activity Report: provides detailed information about the activity of specific users.
- Reports added for new features introduced in SP1 - User Overrides and BranchCache integration.
Here are some examples of how the existing reports look after redesign:
User Activity ReportsThis kind of report allows you to see the web activity of specified users. User Activity report does not take its data from the summaries, but extracts it directly from Forefront TMG logs, so the report is always up-to-date at creation time.
This is a One-Time report which means that you can’t make a recurring User Activity report.
The users can be specified by their username (e.g. contoso\evgeny) or by IP address. Forefront TMG must require user authentication in order to be able to specify users for the report by username, otherwise all web traffic will be marked as anonymous and the report can only be generated by specifying IP addresses instead of usernames.
Here is a walk-through for generating a User Activity Report:
1. Go to ‘Logs & Reports’ à Reporting Tab and click Create User Activity Report Job
2. After typing the new report name in the wizard, a Reporting Details dialog will open.
In this dialog you should choose the period of time and list of the users you want to get a report for.
The list of users (and IP addresses) should be separated by semicolons.
3. After that you need to configure publishing location and email address to send the report to, finish the wizard and click Apply the configuration.
4. Select the just created report and click Generate Selected Report.
Please note, the generation is expected to take more time than a generation of regular one-time report, since the data is taken directly from the logs rather than from summary tables.
5. And this is the report that we get:
Reports for User Override featureUser Override for blocked URL categories is a feature introduced in SP1 which allows the user to override the policy restriction when permitted and access the blocked site.
This feature has two reports:
- The first report displays which URLs were overridden most by the users. This can indicate a need to reevaluate the policy regarding these URLs.
- The second report displays a list of ‘Top overriders’ and the URLs overridden by them.
If the authentication is not enabled by access rules, IP addresses will be shown instead of user names.
- This report can indicate a possible abuse of the policy by these users and may require further investigation of the users’ actions.