Captain
Captain
855 views

IIS 8.5 x-Forwarded-For

Jump to solution

Hi,  I'm setting up our IIS 8.5 logs and we added the column X-forwader to get the original source/attacker instead of the web server IP.  I can see this info in our Logger with column name "AD.x-Forwarded-For" but I cannot find this field in the ArcSight Express 4.0 console.   Can you please guide in setting this event?

Thanks and regards,

Richel

Labels (1)
0 Likes
1 Solution

Accepted Solutions
Captain
Captain

Thanks!   I will try this option during my maintenance and will let you know the outcome.  So far adding this in the ESM sever.properties fix my issue.

"turbo.enabled=false"

View solution in original post

0 Likes
3 Replies
Absent Member.
Absent Member.

Hi Richel. You can add a conditional mapping. Go to the ESM console and right click on the connector that is pulling logs from logger. Then Send Command -> Mapping -> Get additional Names. Take notes about the additional fields you want and map them through the same path on "Map additional names".

0 Likes
Captain
Captain

Thanks!   I will try this option during my maintenance and will let you know the outcome.  So far adding this in the ESM sever.properties fix my issue.

"turbo.enabled=false"

View solution in original post

0 Likes
Lieutenant Lieutenant
Lieutenant
is there any other way
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.