Remove From My Forums

event viewer security event - servers behind a proxy

Question

0

Sign in to vote

Hi,

we have some servers (mainly for IIS roles) that sit behind a proxy server.

Is there a way to set the windows security event log to listen to x-forwarder headers (when present) and include the real source client IP in the event? I know that IIS does this automatically in it own log- however when searching for user lockout events we do so in the windows security event log on the domain controller- not having the info there makes lockouts very difficult to track (sadly we have no siem or log management tool)

Sunday, February 11, 2018 10:01 AM

Reply

|

Quote

All replies

0

Sign in to vote

Hello,

This is a forum covering questions about Security Update Guide mainly.

To get better support for this case, I would recommend to post your question to the following forum.

https://social.technet.microsoft.com/Forums/security/en-US/home?forum=winservergen&filter=alltypes&sort=lastpostdesc

Best regards,

Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, February 12, 2018 8:15 AM

Reply

|

Quote