Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Tracking IP address and eventually the user who is logging into Outlook e-mail via OWA

Posted on 2007-11-24
8
865 Views
Last Modified: 2008-02-01
Hi,
We have staff logging into e-mail via Outlook web access.  I've read that you can track who is logging in by tracking their IP address.  Is this tracking automatic or does it need to be turned on?  Does the log show the IP address and does that alone help figure out who is logging in and from where or other there other steps that need to be taken to identify unauthorized people who should not be getting onto our system or to someone elses e-mail if they are a valid user.

Thanks
0
Comment
Question by:slnewt
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 250 total points
ID: 20344227

The OWA logs are stored here: C:\WINDOWS\system32\LogFiles\W3SVC1

I know of no MS utility to track by IP but maybe someone knows of a 3rd party app.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 20344557
The only logging is what is available in IIS logs. Nothing in Exchange logs the access. However as they are standard IIS logs, any decent IIS log processing package will be able to process those logs, you may just have to tweak the reports they generate to give you the information you want.
You can modify what is logged by looking at the logging option in IIS Manager, under the default web site.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344591
What program can I get to read the logs?  Also, more importantly can I tell who is accessing the e-mail so we know it is only the authorized person who owns the e-mail account.  For example if Joe is a staff member logging in but not to his accuont but into Mary's e-mail will I be able to find that out?
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 104

Expert Comment

by:Sembee
ID: 20344648
If the user has the credentials of the other account then that will not show in the logs. If you suspect that someone is using their own credentials to login to another account then why do they have permissions to that account? It is not default for users to be able to access other users mailboxes without being granted permissions.

IIS logs are very common - Google for them. There are free ones and there are paid for versions. You could also look at Microsoft's Log Parser tool but you have to build SQL type queries with that.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344666
So basically if someone happens to know my password and gets into my account there is no way to know using the logs?  I thought the person's IP address would show up so I can see if it's me logging in.  So, if I live in San Francisco and log in versus someone who lives in Stanford I can at least tell it's not me logging in based on the location.  Can the log tell me that?

Is there a free version of the IIS log you would recommend or have used before?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20345512
The external IP address will be logged. However for geo information you will need to purchase a database or a product with the database integrated. Geo location from IP address is possible with most ISPs (not all) but I don't know of any free database that goes closer than country, certainly not to city or state level.

I haven't used any free IIS log processing tool enough to make a recommendation.

Simon.
0
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 250 total points
ID: 20345646
I use Wordpad's Find feature for the mailbox in question then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

It's free but is fairly accurate.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20345935

I should have said "I use Wordpad's Find feature for the mailbox in question then look up the IP address it was accessed from, then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

Also:

http://a2zinternet.net/ is a good site to get information on an IP address.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question