Solved

Tracking IP address and eventually the user who is logging into Outlook e-mail via OWA

Posted on 2007-11-24
8
864 Views
Last Modified: 2008-02-01
Hi,
We have staff logging into e-mail via Outlook web access.  I've read that you can track who is logging in by tracking their IP address.  Is this tracking automatic or does it need to be turned on?  Does the log show the IP address and does that alone help figure out who is logging in and from where or other there other steps that need to be taken to identify unauthorized people who should not be getting onto our system or to someone elses e-mail if they are a valid user.

Thanks
0
Comment
Question by:slnewt
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 250 total points
ID: 20344227

The OWA logs are stored here: C:\WINDOWS\system32\LogFiles\W3SVC1

I know of no MS utility to track by IP but maybe someone knows of a 3rd party app.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 20344557
The only logging is what is available in IIS logs. Nothing in Exchange logs the access. However as they are standard IIS logs, any decent IIS log processing package will be able to process those logs, you may just have to tweak the reports they generate to give you the information you want.
You can modify what is logged by looking at the logging option in IIS Manager, under the default web site.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344591
What program can I get to read the logs?  Also, more importantly can I tell who is accessing the e-mail so we know it is only the authorized person who owns the e-mail account.  For example if Joe is a staff member logging in but not to his accuont but into Mary's e-mail will I be able to find that out?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 104

Expert Comment

by:Sembee
ID: 20344648
If the user has the credentials of the other account then that will not show in the logs. If you suspect that someone is using their own credentials to login to another account then why do they have permissions to that account? It is not default for users to be able to access other users mailboxes without being granted permissions.

IIS logs are very common - Google for them. There are free ones and there are paid for versions. You could also look at Microsoft's Log Parser tool but you have to build SQL type queries with that.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344666
So basically if someone happens to know my password and gets into my account there is no way to know using the logs?  I thought the person's IP address would show up so I can see if it's me logging in.  So, if I live in San Francisco and log in versus someone who lives in Stanford I can at least tell it's not me logging in based on the location.  Can the log tell me that?

Is there a free version of the IIS log you would recommend or have used before?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20345512
The external IP address will be logged. However for geo information you will need to purchase a database or a product with the database integrated. Geo location from IP address is possible with most ISPs (not all) but I don't know of any free database that goes closer than country, certainly not to city or state level.

I haven't used any free IIS log processing tool enough to make a recommendation.

Simon.
0
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 250 total points
ID: 20345646
I use Wordpad's Find feature for the mailbox in question then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

It's free but is fairly accurate.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20345935

I should have said "I use Wordpad's Find feature for the mailbox in question then look up the IP address it was accessed from, then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

Also:

http://a2zinternet.net/ is a good site to get information on an IP address.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question