Video Screencast Help

IIS 7 advanced logging and X-Forwarded-For

Created: 20 Mar 2013 | 2 comments

We are enabling "advanced logging" on our IIS 7 servers, specifically to include the X-Forwarded-For header so we can see real client IP's in HTTP sessions that were SNAT'ed by a load balancer.  My understanding is that advanced logging makes this work by adding another field to a standard log format like w3c.  The latest IIS collector I see on FileConnect is 4.3, which requires w3c Extended Log File Format with all fields included.

My questions then are:

1. By adding another field to the log file, how will the default collector behave?

2. How do we configure the default collector to parse this additional field and write it to a SSIM event?

3. If we modify the default collector to parse and write this additional field, what happens if that collector is used for w3c logs that does not contain this additional field?

I have some ideas about the answers, but am interested in what others might be doing.

Thanks

 

 

Operating Systems:

Comments 2 CommentsJump to latest comment

Laurent_c's picture

Hi,

 

The collector will only work with the exact loggging config describe in manual. If you add more fields, it will either break the collector or they won't be mapped.

If you need to have extra field in this collector, you will have to request to get a new custom collector written.

 

thanks,

Laurent

 

wste's picture

Thanks Laurent, I was afraid that was going to be the official answer.

Any customers on the forum want to chime in on this?