matomo-org / matomo-log-analytics

Import any kind of server logs in Matomo for powerful log analytics. Universal log file parsing and reporting.
https://matomo.org/log-analytics/
GNU General Public License v3.0

Tracking TLS protocols in IIS logs #351

Open mctunes opened 1 year ago

mctunes commented 1 year ago

In an attempt to monitor the security protocols and ciphers used by clients connecting to an IIS 8.5 server, we have activated four custom logging fields that return the protocol, cipher, hash and key exchange:

These four new fields are appended to the standard IIS log:

date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken crypt-protocol crypt-cipher crypt-hash crypt-keyexchange

We would like to be able to visualize which protocols and ciphers are being used/not used, so we can harden the web server. From what I understand, this should be possible by adding the fields to import_logs.py, and then extracting the data into custom dimensions.

Would it be possible to update the README.md to include an example of how we might achieve this, or provide some kind of template for extracting the TLS data?

Many thanks in advance!

(The following forum thread describes the issue: Tracking TLS Version)
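A stand-alone way to check what the four crypt-* fields contain before wiring them into import_logs.py, added here as an example (not code from this issue or from matomo-log-analytics): it reads the W3C `#Fields:` directive, decodes the protocol and cipher codes, and counts how many requests still negotiate deprecated protocols. The hex-to-name tables assume IIS writes the schannel/wincrypt constants (SP_PROT_*, CALG_*) as hex strings; the log rows below are constructed, not the attached sample.

```python
"""Parse IIS W3C logs with the crypt-* custom fields and summarise TLS usage."""
from collections import Counter

# Assumed decoding of the raw field values: IIS writes the schannel/wincrypt
# constants (SP_PROT_*, CALG_*) as hex strings. Unknown values are kept raw.
PROTOCOLS = {"10": "SSL3", "40": "TLS1.0", "100": "TLS1.1", "400": "TLS1.2", "1000": "TLS1.3"}
CIPHERS = {"6801": "RC4", "6603": "3DES", "660e": "AES-128", "6610": "AES-256"}
WEAK_PROTOCOLS = {"SSL3", "TLS1.0", "TLS1.1"}

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields: directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def tls_summary(text):
    """Count protocol/cipher pairs and how many requests used a deprecated protocol."""
    pairs = Counter()
    weak = total = 0
    for row in parse_w3c(text):
        raw_proto = row.get("crypt-protocol", "-").lower()
        raw_cipher = row.get("crypt-cipher", "-").lower()
        proto = PROTOCOLS.get(raw_proto, raw_proto)
        cipher = CIPHERS.get(raw_cipher, raw_cipher)
        if proto == "-":  # plain HTTP request: no handshake to classify
            continue
        pairs[(proto, cipher)] += 1
        total += 1
        weak += proto in WEAK_PROTOCOLS
    return {"pairs": dict(pairs), "total": total, "weak": weak}

# Constructed sample in the layout the issue describes (not the attached file).
SAMPLE = """#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken crypt-protocol crypt-cipher crypt-hash crypt-keyexchange
2023-01-01 10:00:00 10.0.0.5 GET /index.html - 443 - 192.0.2.10 Mozilla/5.0 - 200 0 0 15 400 6610 800c ae06
2023-01-01 10:00:01 10.0.0.5 GET /login - 443 - 192.0.2.11 Mozilla/5.0 - 200 0 0 20 40 6603 8004 a400
2023-01-01 10:00:02 10.0.0.5 GET /index.html - 80 - 192.0.2.12 Mozilla/5.0 - 301 0 0 1 - - - -
2023-01-01 10:00:03 10.0.0.5 POST /api - 443 - 192.0.2.13 curl/7.0 - 200 0 0 30 400 660e 800c ae06
"""

if __name__ == "__main__":
    s = tls_summary(SAMPLE)
    for (proto, cipher), n in sorted(s["pairs"].items()):
        print(f"{proto:8} {cipher:8} {n}")
    print(f"{s['weak']}/{s['total']} TLS requests used a deprecated protocol")
```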

michalkleiner commented 1 year ago

Hi @mctunes,

thank you for opening the issue. We've put it in our backlog for prioritisation. Since the mechanism should already be supported, we'll look into providing an example for this (or better guidance for the existing docs).

Would you be able to provide some anonymised log rows with different values as an example? Thanks!

mctunes commented 1 year ago

Hi @michalkleiner,

Many thanks for your response. I've attached a sample IIS log file with 100 rows, containing the four extra custom fields. I've edited this quite a bit manually to remove any traces of our application URLs, etc, so if it fails to import, just let me know and I'll endeavor to provide another working log file.

Thanks again!

iis_crypt_sample.log