Hi,
we have some servers (mainly for IIS roles) that sit behind a proxy server.
Is there a way to set the windows security event log to listen to x-forwarder headers (when present) and include the real source client IP in the event? I know that IIS does this automatically in it own log- however when searching for user lockout events
we do so in the windows security event log on the domain controller- not having the info there makes lockouts very difficult to track (sadly we have no siem or log management tool)