Solved

Tracking IP address and eventually the user who is logging into Outlook e-mail via OWA

Posted on 2007-11-24
8
862 Views
Last Modified: 2008-02-01
Hi,
We have staff logging into e-mail via Outlook web access.  I've read that you can track who is logging in by tracking their IP address.  Is this tracking automatic or does it need to be turned on?  Does the log show the IP address and does that alone help figure out who is logging in and from where or other there other steps that need to be taken to identify unauthorized people who should not be getting onto our system or to someone elses e-mail if they are a valid user.

Thanks
0
Comment
Question by:slnewt
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 250 total points
Comment Utility

The OWA logs are stored here: C:\WINDOWS\system32\LogFiles\W3SVC1

I know of no MS utility to track by IP but maybe someone knows of a 3rd party app.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
Comment Utility
The only logging is what is available in IIS logs. Nothing in Exchange logs the access. However as they are standard IIS logs, any decent IIS log processing package will be able to process those logs, you may just have to tweak the reports they generate to give you the information you want.
You can modify what is logged by looking at the logging option in IIS Manager, under the default web site.

Simon.
0
 

Author Comment

by:slnewt
Comment Utility
What program can I get to read the logs?  Also, more importantly can I tell who is accessing the e-mail so we know it is only the authorized person who owns the e-mail account.  For example if Joe is a staff member logging in but not to his accuont but into Mary's e-mail will I be able to find that out?
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
If the user has the credentials of the other account then that will not show in the logs. If you suspect that someone is using their own credentials to login to another account then why do they have permissions to that account? It is not default for users to be able to access other users mailboxes without being granted permissions.

IIS logs are very common - Google for them. There are free ones and there are paid for versions. You could also look at Microsoft's Log Parser tool but you have to build SQL type queries with that.

Simon.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:slnewt
Comment Utility
So basically if someone happens to know my password and gets into my account there is no way to know using the logs?  I thought the person's IP address would show up so I can see if it's me logging in.  So, if I live in San Francisco and log in versus someone who lives in Stanford I can at least tell it's not me logging in based on the location.  Can the log tell me that?

Is there a free version of the IIS log you would recommend or have used before?
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
The external IP address will be logged. However for geo information you will need to purchase a database or a product with the database integrated. Geo location from IP address is possible with most ISPs (not all) but I don't know of any free database that goes closer than country, certainly not to city or state level.

I haven't used any free IIS log processing tool enough to make a recommendation.

Simon.
0
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 250 total points
Comment Utility
I use Wordpad's Find feature for the mailbox in question then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

It's free but is fairly accurate.
0
 
LVL 16

Expert Comment

by:2PiFL
Comment Utility

I should have said "I use Wordpad's Find feature for the mailbox in question then look up the IP address it was accessed from, then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

Also:

http://a2zinternet.net/ is a good site to get information on an IP address.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now