OWA logging monitoring

Is it possible to monitor (through logs, real time) users checking their mails using OWA in Exchange 2007. Idea is to know from which public ip address they're checking their emails. In Exchange 2003, it was possible to see it in logs of IIS.
ICOHelpdeskAsked:
Who is Participating?
 
MesthaCommented:
That probably means you need to change the logging settings on the ISA server. My knowledge of ISA is not great, so I don't know if it has its own logs or uses IIS logs.

-M
0
 
MesthaCommented:
Same thing with Exchange 2007. IIS logs will show you some information. You will probably have to adjust the logging levels. Can't be done realtime though, but a good IIS logging tool would show you what is happening once the logs have been written to disk.

-M
0
 
ICOHelpdeskAuthor Commented:
I can't find anything in IIS to adjust. All options to show client IP, and other options are already selected, but nothing shows client IP address connecting from.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
MesthaCommented:
You should have a line in the log similar to this:

2008-11-06 13:18:47 W3SVC1 192.168.11.3 GET /owa - 443 - 123.456.789.000 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+Media+Center+PC+5.0;+.NET+CLR+3.0.04506;+Tablet+PC+2.0;+InfoPath.2;+.NET+CLR+3.5.21022;+.NET+CLR+1.1.4322) 301 0 0

That is an actual log from my Tablet connecting to OWA from an external host.
192.168.11.3 is my Exchange server, and 123.456.789.000 is the external IP address I was connecting from. I have mangled it as it was a client site.  

The log settings are on the root of the Default Web Site.

-M
0
 
ICOHelpdeskAuthor Commented:
In my logs as the external IP address, it shows internal IP of firewall, in my case ISA 2006. I'm not sure whether I can do something in ISA server to show real client IP.
0
 
MesthaCommented:
Ah.
Should have mentioned the ISA.
The log on the Exchange server itself only applies if the traffic is going direct to the Exchange server.
The external IP address isn't seen by Exchange because it sees the traffic as originating on the ISA server. You will need to use the logs on the ISA server to track the external IP addresses.

-M
0
 
ICOHelpdeskAuthor Commented:
I checked, and tested ISA Firewall log, it shows a lot, but not username of the client, and it is domain member so should be able to resolve.
0
 
ICOHelpdeskAuthor Commented:
Mestha,

Thank you for help.
I had to enable logging for Web Proxy Logging, and everything is there.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.