IIS Exchange report including the cs-User-Agent field
Hi, I have IIS logs sending to our enVision appliance and want to use it to report on our users' handhelds connecting to our Exchange servers and the type of handheld device they are using. The report is a simple one; it needs only 4 fields: username, date (no time), status (success/fail) and device type.
I have the report sorted with the exception of the device type field. The IIS logs have a "cs(User-Agent)" field, however, this one does not seem to appear in enVision's "Web Accounting" options.
Does anyone know how I can get this field into a report?
All you need to do is tag the field with an available variable in the device xml file. The tricky part is knowing UDS and how to use it. Have you taken the UDS Class? If so, this will be a snap for you. If not, UDS is definitely not something you want to muck with if you are not familiar - with great power comes great responsibility, right?
Also, do any other customers out there have this customization done already and are willing to share the device xml with the community?
If you look at the different parsed fields, one of them ("Content") contains the browser type and version (ex.: MSIE+6.0). You could use this variable in your report to find out more about the end-user's browser.
On top of that, there is an Event Source Update available on SecurCare Online; this update contains new code for IIS that might solve your issue. I haven't had the chance to try it yet, but, hopefully, it could help getting more info from IIS.
You can download the update by logging in to SecurCare Online (https://knowledge.rsasecurity.com) and looking under enVision and downloads.
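
For checking what the raw logs actually carry before changing the device XML, here is an added example (not from the thread and not enVision or UDS code) that builds the four-field report straight from IIS W3C extended log lines. The sample records, the `handheld_report` name, the `/Microsoft-Server-ActiveSync` filter and the "status below 400 means success" rule are assumptions made for illustration.

```python
# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2009-03-02 08:15:01 POST /Microsoft-Server-ActiveSync EXAMPLE\\alice 10.0.0.5 Apple-iPhone/701.341 200
2009-03-02 08:15:09 POST /Microsoft-Server-ActiveSync EXAMPLE\\alice 10.0.0.5 Apple-iPhone/701.341 200
2009-03-02 09:40:12 OPTIONS /Microsoft-Server-ActiveSync EXAMPLE\\bob 10.0.0.9 MSFT-PPC/5.2.5080 401
2009-03-02 10:02:44 GET /exchange/ - 10.0.0.7 Mozilla/4.0+(compatible;+MSIE+6.0) 401
"""


def handheld_report(lines, uri_prefix="/Microsoft-Server-ActiveSync"):
    """Return unique (username, date, status, device) tuples for handheld requests."""
    fields = []
    rows = {}  # dict keys keep insertion order and drop duplicate rows
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order is declared per file and may change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        # Assumption: handheld sync traffic is identified by this URI prefix.
        if not rec.get("cs-uri-stem", "").startswith(uri_prefix):
            continue
        # IIS writes spaces inside a field as '+', e.g. MSIE+6.0.
        agent = rec.get("cs(User-Agent)", "-").replace("+", " ")
        device = agent.split("/", 1)[0]  # drop the version suffix
        code = rec.get("sc-status", "")
        # Assumption: any status below 400 counts as success.
        status = "success" if code.isdigit() and int(code) < 400 else "fail"
        rows[(rec.get("cs-username", "-"), rec.get("date", "-"), status, device)] = None
    return list(rows)


if __name__ == "__main__":
    for row in handheld_report(SAMPLE_LOG.splitlines()):
        print("\t".join(row))
```

If the output shows `-` in the device column, the `cs(User-Agent)` field is not enabled in the IIS logging properties, and no parser change will recover it.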