Log IP for Successful Logins

Question

User-1520822264 posted

My question: How do I log the calling IP address ONLY for client with a valid smart card and pin? I'm currently using the default W3C logging, which records the calling IP in the log file, without regard for whether the caller has a smart card and successfully enters a pin. Even if I could just add a flag to the log file to identify IPs that logged in, I could sort that later with log file parsing.

My production server is IIS 7.5 on Windows 2008 R2. I've turned on user authentication by smart card using the following steps:

IIS -> Default Web Site -> SSL Settings -> 

Require SSL: Checked

Client certificates: Require

If the smart card has a valid cert, and the user types in their pin correctly, they gain access to the web site and web service.

Answer 1

User-848649084 posted

Hi,

You need to write this kind application which reds iis logs and filter data for you. or you could use a tool like log parser and write a query for it.

Link for download log parser tool. 

Regards,

Jalpa

Answer 2

User-1520822264 posted

That is helpful, so thanks. In order to successfully use this tool, I'll need to identify some sort of flag in the log file that denotes and authenticated IP. Any suggestions?

Answer 3

User-848649084 posted

You need to write a query by yourself as per the requirement and fields. di you get any error message when the IP is unauthenticated? and which fields you have in your log? 

Answer 4

User-1520822264 posted

Thanks for the reply. I've written many PowerShell scripts, so doing that is okay. What I do not know is the flags that identify an IP that has been authenticated. Ideals, or even a resource or example to look at?

Thanks,

Randy

Answer 5

User-848649084 posted

did you any error messages or status code when ip is unauthenticated?