Log IP for Successful Logins RRS feed

  • Question

  • User-1520822264 posted

    My question: How do I log the calling IP address ONLY for client with a valid smart card and pin? I'm currently using the default W3C logging, which records the calling IP in the log file, without regard for whether the caller has a smart card and successfully enters a pin. Even if I could just add a flag to the log file to identify IPs that logged in, I could sort that later with log file parsing.

    My production server is IIS 7.5 on Windows 2008 R2. I've turned on user authentication by smart card using the following steps:

    IIS -> Default Web Site -> SSL Settings -> 

    Require SSL: Checked

    Client certificates: Require

    If the smart card has a valid cert, and the user types in their pin correctly, they gain access to the web site and web service.

    Wednesday, August 21, 2019 12:29 PM

All replies

  • User-848649084 posted


    You need to write this kind application which reds iis logs and filter data for you. or you could use a tool like log parser and write a query for it.

    Link for download log parser tool



    Thursday, August 22, 2019 2:28 AM
  • User-1520822264 posted

    That is helpful, so thanks. In order to successfully use this tool, I'll need to identify some sort of flag in the log file that denotes and authenticated IP. Any suggestions?

    Thursday, August 22, 2019 11:04 AM
  • User-848649084 posted

    You need to write a query by yourself as per the requirement and fields. di you get any error message when the IP is unauthenticated? and which fields you have in your log? 

    Friday, August 23, 2019 1:12 AM
  • User-1520822264 posted

    Thanks for the reply. I've written many PowerShell scripts, so doing that is okay. What I do not know is the flags that identify an IP that has been authenticated. Ideals, or even a resource or example to look at?



    Monday, August 26, 2019 11:17 AM
  • User-848649084 posted

    did you any error messages or status code when ip is unauthenticated? 

    Tuesday, August 27, 2019 2:43 AM