slnewt
asked on
Tracking IP address and eventually the user who is logging into Outlook e-mail via OWA
Hi,
We have staff logging into e-mail via Outlook web access. I've read that you can track who is logging in by tracking their IP address. Is this tracking automatic or does it need to be turned on? Does the log show the IP address and does that alone help figure out who is logging in and from where or other there other steps that need to be taken to identify unauthorized people who should not be getting onto our system or to someone elses e-mail if they are a valid user.
Thanks
We have staff logging into e-mail via Outlook web access. I've read that you can track who is logging in by tracking their IP address. Is this tracking automatic or does it need to be turned on? Does the log show the IP address and does that alone help figure out who is logging in and from where or other there other steps that need to be taken to identify unauthorized people who should not be getting onto our system or to someone elses e-mail if they are a valid user.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If the user has the credentials of the other account then that will not show in the logs. If you suspect that someone is using their own credentials to login to another account then why do they have permissions to that account? It is not default for users to be able to access other users mailboxes without being granted permissions.
IIS logs are very common - Google for them. There are free ones and there are paid for versions. You could also look at Microsoft's Log Parser tool but you have to build SQL type queries with that.
Simon.
IIS logs are very common - Google for them. There are free ones and there are paid for versions. You could also look at Microsoft's Log Parser tool but you have to build SQL type queries with that.
Simon.
ASKER
So basically if someone happens to know my password and gets into my account there is no way to know using the logs? I thought the person's IP address would show up so I can see if it's me logging in. So, if I live in San Francisco and log in versus someone who lives in Stanford I can at least tell it's not me logging in based on the location. Can the log tell me that?
Is there a free version of the IIS log you would recommend or have used before?
Is there a free version of the IIS log you would recommend or have used before?
The external IP address will be logged. However for geo information you will need to purchase a database or a product with the database integrated. Geo location from IP address is possible with most ISPs (not all) but I don't know of any free database that goes closer than country, certainly not to city or state level.
I haven't used any free IIS log processing tool enough to make a recommendation.
Simon.
I haven't used any free IIS log processing tool enough to make a recommendation.
Simon.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I should have said "I use Wordpad's Find feature for the mailbox in question then look up the IP address it was accessed from, then look it up here:
http://www.geobytes.com/IpLocator.htm?GetLocation
Also:
http://a2zinternet.net/ is a good site to get information on an IP address.
ASKER