This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
checky04
Captain
Captain
‎2016-03-07 20:36
855 views

IIS 8.5 x-Forwarded-For

Jump to solution

Hi,  I'm setting up our IIS 8.5 logs and we added the column X-forwader to get the original source/attacker instead of the web server IP.  I can see this info in our Logger with column name "AD.x-Forwarded-For" but I cannot find this field in the ArcSight Express 4.0 console.   Can you please guide in setting this event?

Thanks and regards,

Richel

Labels (1)
Labels
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
checky04
Captain
Captain
‎2016-03-14 20:16

Jump to solution

Thanks!   I will try this option during my maintenance and will let you know the outcome.  So far adding this in the ESM sever.properties fix my issue.

"turbo.enabled=false"

View solution in original post

0 Likes
Reply
Report Inappropriate Content
3 Replies
joao.farias
Absent Member.
Absent Member.
‎2016-03-07 23:46

Jump to solution

Hi Richel. You can add a conditional mapping. Go to the ESM console and right click on the connector that is pulling logs from logger. Then Send Command -> Mapping -> Get additional Names. Take notes about the additional fields you want and map them through the same path on "Map additional names".

0 Likes
Reply
Report Inappropriate Content
checky04
Captain
Captain
‎2016-03-14 20:16

Jump to solution

Thanks!   I will try this option during my maintenance and will let you know the outcome.  So far adding this in the ESM sever.properties fix my issue.

"turbo.enabled=false"

View solution in original post

0 Likes
Reply
Report Inappropriate Content
ramkishore1
Lieutenant Lieutenant
Lieutenant
‎2020-09-29 07:32

Jump to solution
is there any other way
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.