This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-08-19 07:56 AM

IIS Exchange report including the cs-User-Agent field

Hi, I have IIS logs sending to our enVision appliance and want to use it to report on our user's handhelds connecting to our Exchange servers and the type of handheld device they are using. The report is a simple one, it needs only 4 fields; username, date (no time), status (success/fail) and device type.

 

I have the report sorted with the exception of the device type field. The IIS logs have a "cs(User-Agent)" field, however, this one does not seem to appear in enVision's "Web Accounting" options.

 

Does anyone know how I can get this field into a report?

0 Likes
Reply
7 Replies
AlanLaurencelle
Employee
Employee
‎2008-08-21 11:56 AM

All you need to do is tag the field with an available variable in the device xml file.  The tricky part is knowing UDS and how to use it.  Have you taken the UDS Class?  If so, this will be a snap for you.  If not, UDS is defintiely not something you want to muck with if you are not famila - with great power comes great responsiblity, right?

 

Also, do any other customers out there have this customization done already and are willing to share the device xml with the community?

0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2008-09-03 10:53 AM

I would submit it to support for inclusion.  IIS is supported, so all fields should be available.  You should not have to deal with UDS for a device that is supported.

 

Regards,

 

Pete

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to AlanLaurencelle
‎2008-10-10 03:44 PM

Does anyone know if any more came of this?  I have the same need and I will submit it to support if nothing more has come of it.
0 Likes
Reply
PatrickChouinar
Beginner
Beginner
In response to RSAAdmin
‎2008-10-14 08:16 PM

If you look at the different parsed fields, one of them ("Content") contains the browser type and version (ex.: MSIE+6.0). You could use this variable in your report to find out more about the end-user's browser.

 

On top of that, there is an Event Source Update available on SecurCare Online; This update contains new code for IIS that might solve your issue. I haven't had the chance to try it yet, but, hopefully, it could help getting more info from IIS.

 

You can download the update by logging to SecureCare Online (https://knowledge.rsasecurity.com) and looking under enVision and downloads.

 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to PatrickChouinar
‎2008-10-20 05:14 PM

I am actually trying to get the device type for each connection.  I want to know what phones are connectiing to our frontend servers.  I want to create a report of the number of connections by each phone type and whihc users are using whihc phones.  I am downloading the update now.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-10-20 05:21 PM

I did not see anything related to IIS in the update.  How do I submit this for inclusion so that it can be added.  I don't know hwo to modify the XML to parse it myself.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-10-22 10:06 AM

The best way I have found is to open a ticket with support since it is already a supported device that should make the enhancement fairly quickly.
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.