How to log OWA Access ? (to trackdown IP Address and connected mailbox)

To All Expert,

I'm just wondering and been looking around if there's anyway to get the IP address detail of OWA access (anyone who use OWA, their IP and username is logged) and probably write it down to SQL Server database or even just simple text file will do.

is this something that IIS 6.1 can do or should i do it in ASP 3.0 way ?

the reason I'm doing this is for company compliance policy to trackdown the OWA usage and making sure that certain username that accessing a particular IIS directory is logged properly.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Go to the default website's log path which is typically...


and you should see an entry such as this...

2008-11-05 06:51:20 GET /exchange

There will be other entries as well.... You can test it by going from your home IP and then checking the logs and see all the entries logged with GET requests matching your IP.

I hope this helps.

jjozAuthor Commented:

thanks for your reply Top_rung,
I can see it like the following attached file.

is it because my CAS is sitting behind proxy/firewall ?

if it yes, then there's no other way apart from parsing the file manually then.

2008-11-04 23:58:31 W3SVC1 <ExcServer IP> POST /owa/ev.owa oeh=1&ns=Notify&ev=Poll 443 - <PROXY SERVER IP> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 1 0
2008-11-04 23:58:31 W3SVC1 <ExcServer IP> POST /owa/ev.owa oeh=1&ns=Notify&ev=Poll&prfltncy=0&prfrpccnt=0&prfrpcltncy=0&prfldpcnt=0&prfldpltncy=0&prfavlcnt=0&prfavlltncy=0 443 DOAMIN.COM\Administrator <PROXY SERVER IP> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0

Open in new window


Sorry for the late response.  Yeah, it looks like you won't get the info there due to the proxy.  I presume you will need to get the information from the proxy logs - that is, look for whatever is destined for the exchange owa - you should see the source IP there (assuming you are logging that info).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jjozAuthor Commented:
easy to understand
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.