• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 714
  • Last Modified:

OWA logging monitoring

Is it possible to monitor (through logs, real time) users checking their mails using OWA in Exchange 2007. Idea is to know from which public ip address they're checking their emails. In Exchange 2003, it was possible to see it in logs of IIS.
0
ICOHelpdesk
Asked:
ICOHelpdesk
  • 4
  • 4
1 Solution
 
MesthaCommented:
Same thing with Exchange 2007. IIS logs will show you some information. You will probably have to adjust the logging levels. Can't be done realtime though, but a good IIS logging tool would show you what is happening once the logs have been written to disk.

-M
0
 
ICOHelpdeskAuthor Commented:
I can't find anything in IIS to adjust. All options to show client IP, and other options are already selected, but nothing shows client IP address connecting from.
0
 
MesthaCommented:
You should have a line in the log similar to this:

2008-11-06 13:18:47 W3SVC1 192.168.11.3 GET /owa - 443 - 123.456.789.000 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+Media+Center+PC+5.0;+.NET+CLR+3.0.04506;+Tablet+PC+2.0;+InfoPath.2;+.NET+CLR+3.5.21022;+.NET+CLR+1.1.4322) 301 0 0

That is an actual log from my Tablet connecting to OWA from an external host.
192.168.11.3 is my Exchange server, and 123.456.789.000 is the external IP address I was connecting from. I have mangled it as it was a client site.  

The log settings are on the root of the Default Web Site.

-M
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ICOHelpdeskAuthor Commented:
In my logs as the external IP address, it shows internal IP of firewall, in my case ISA 2006. I'm not sure whether I can do something in ISA server to show real client IP.
0
 
MesthaCommented:
Ah.
Should have mentioned the ISA.
The log on the Exchange server itself only applies if the traffic is going direct to the Exchange server.
The external IP address isn't seen by Exchange because it sees the traffic as originating on the ISA server. You will need to use the logs on the ISA server to track the external IP addresses.

-M
0
 
ICOHelpdeskAuthor Commented:
I checked, and tested ISA Firewall log, it shows a lot, but not username of the client, and it is domain member so should be able to resolve.
0
 
MesthaCommented:
That probably means you need to change the logging settings on the ISA server. My knowledge of ISA is not great, so I don't know if it has its own logs or uses IIS logs.

-M
0
 
ICOHelpdeskAuthor Commented:
Mestha,

Thank you for help.
I had to enable logging for Web Proxy Logging, and everything is there.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now