Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Tracking IP address and eventually the user who is logging into Outlook e-mail via OWA

Posted on 2007-11-24
8
Medium Priority
?
875 Views
Last Modified: 2008-02-01
Hi,
We have staff logging into e-mail via Outlook web access.  I've read that you can track who is logging in by tracking their IP address.  Is this tracking automatic or does it need to be turned on?  Does the log show the IP address and does that alone help figure out who is logging in and from where or other there other steps that need to be taken to identify unauthorized people who should not be getting onto our system or to someone elses e-mail if they are a valid user.

Thanks
0
Comment
Question by:slnewt
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 750 total points
ID: 20344227

The OWA logs are stored here: C:\WINDOWS\system32\LogFiles\W3SVC1

I know of no MS utility to track by IP but maybe someone knows of a 3rd party app.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 750 total points
ID: 20344557
The only logging is what is available in IIS logs. Nothing in Exchange logs the access. However as they are standard IIS logs, any decent IIS log processing package will be able to process those logs, you may just have to tweak the reports they generate to give you the information you want.
You can modify what is logged by looking at the logging option in IIS Manager, under the default web site.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344591
What program can I get to read the logs?  Also, more importantly can I tell who is accessing the e-mail so we know it is only the authorized person who owns the e-mail account.  For example if Joe is a staff member logging in but not to his accuont but into Mary's e-mail will I be able to find that out?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 104

Expert Comment

by:Sembee
ID: 20344648
If the user has the credentials of the other account then that will not show in the logs. If you suspect that someone is using their own credentials to login to another account then why do they have permissions to that account? It is not default for users to be able to access other users mailboxes without being granted permissions.

IIS logs are very common - Google for them. There are free ones and there are paid for versions. You could also look at Microsoft's Log Parser tool but you have to build SQL type queries with that.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344666
So basically if someone happens to know my password and gets into my account there is no way to know using the logs?  I thought the person's IP address would show up so I can see if it's me logging in.  So, if I live in San Francisco and log in versus someone who lives in Stanford I can at least tell it's not me logging in based on the location.  Can the log tell me that?

Is there a free version of the IIS log you would recommend or have used before?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20345512
The external IP address will be logged. However for geo information you will need to purchase a database or a product with the database integrated. Geo location from IP address is possible with most ISPs (not all) but I don't know of any free database that goes closer than country, certainly not to city or state level.

I haven't used any free IIS log processing tool enough to make a recommendation.

Simon.
0
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 750 total points
ID: 20345646
I use Wordpad's Find feature for the mailbox in question then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

It's free but is fairly accurate.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20345935

I should have said "I use Wordpad's Find feature for the mailbox in question then look up the IP address it was accessed from, then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

Also:

http://a2zinternet.net/ is a good site to get information on an IP address.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question