My organization wanted to continue using logging data from Forefront TMG 2010 to our local SQL Server Express 2008 while also importing the data into ArcSight. We created a time-based DB FlexConnector to crawl the TMG SQL database and extract the events from there.
I was frustrated with the existing documentation to accomplish this goal, so I put this guide together out of my research from Protect724 posts and the ArcSight documentation. My hope is that this guide proves useful for anyone who has to deploy a similar connector or develop a SQL- or time-based FlexConnector.
EDIT 7/29/13: I discovered that the SQL databases fill up and rotate mid-day on one of my heavily used TMG arrays, so I modified the ArcSight Date Updater to include an optional mode to check for this behavior and update the TMG.sdktbdatabase.properties file accordingly.
EDIT 10/3/13: I updated my Bitbucket profile and changed the link in the setup guide accordingly.