Exchange 2010 Authentication Logs by IP Address

Is there a log file on Exchange 2010 that logs attempts and or successful connections of users made to connect via Outlook client to Exchange?  I have an IP address that was given to me, and I need to know if this workstation has had any communication with the Exchange server, and if it would be able to provide a username or other detailed information in order for me to track it down.

Who is Participating?
piattndConnect With a Mentor Commented:
To elaborate a bit more:

Every time your outlook connects to the exchange server, it passes credentials across to the server.  These credentials are either manually typed into your Outlook Account configuration, or it uses the current logged on user credentials (typical for "on domain" exchange).

Unfortunately for you, the built in filtering of the event viewer is not too friendly for filtering out authentication events by user.

Logon type you're going to be looking for is logon type 3 (for network based logon).  I'd suggest narrowing down the results to the date range you want, then exporting your items.  You can use a log parser to take it from there.

Microsoft provides a log parser at this url:

This guy goes into pretty good depth for queries using the log parsing tool:

Holler if you have any other questions or run into problems.  This should get you all the information it is you wish to know.
Look at the windows security event log on the exchange server.  You can filter by date/time range and sometimes by user.
One other thing....

Because it's Exchange 2010, you'll need to make sure you're looking at the server that holds the correct role.  If you're a smaller environment, you may only have 1 or 2 servers, so that won't be a big deal.  I think the role you're trying to focus here is the "Mailbox" role.  If you were more worried about a mobile device, I'd say you'd need to look at the Client Access role (the event logs on the server that hosts that role that is).
fireguy1125Author Commented:
Thanks, didn't realize this was in Security Event Log, Log Parser really helpful.
Hope that all worked out for you.  Thanks for the grade.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.