proxy.isaserver
- Borja Moro Moreno
Introduction
The tags beginning with proxy.isaserver identify events generated by Microsoft Forefront Threat Management Gateway (formerly Microsoft ISA Server) belonging to Microsoft.
Valid tags and data tablesÂ
The full tag must have 6 levels. The first two are fixed as proxy.isaserver. The third level identifies the type of events sent and the rest of them indicate the event subtypes.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
|---|---|---|
Microsoft Forefront Threat Management Gateway (formerly Microsoft ISA Server) |
|
|
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
proxy.isaserver.accessW3cAb
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
| Â | Â |
environment |
| venv | Â |
site |
| vsite | Â |
clon |
| vclon | Â |
serverdate |
| Â | Â |
srcIp |
| Â | Â |
user |
| Â | Â |
method |
| Â | Â |
url |
| Â | Â |
proto |
| Â | Â |
statusCode |
| Â | Â |
action |
| Â | Â |
userAgent |
| Â | Â |
servername |
| Â | Â |
referer |
| Â | Â |
dstHost |
| Â | Â |
dstIp |
| Â | Â |
dstPort |
| Â | Â |
responseTime |
| Â | Â |
responseLength |
| Â | Â |
requestLength |
| Â | Â |
objSrc |
| Â | Â |
rule |
| Â | Â |
filterInfo |
| Â | Â |
srcNet |
| Â | Â |
dstNet |
| Â | Â |
errInfo |
| Â | Â |
authServer |
| Â | Â |
hostchain |
|  | ✓ |
tag |
|  | ✓ |
rawMessage |
| rawSource | ✓ |