fireguy1125
asked on
Exchange 2010 Authentication Logs by IP Address
Is there a log file on Exchange 2010 that logs attempts and or successful connections of users made to connect via Outlook client to Exchange? I have an IP address that was given to me, and I need to know if this workstation has had any communication with the Exchange server, and if it would be able to provide a username or other detailed information in order for me to track it down.
Thanks.
Thanks.
Look at the windows security event log on the exchange server. You can filter by date/time range and sometimes by user.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
One other thing....
Because it's Exchange 2010, you'll need to make sure you're looking at the server that holds the correct role. If you're a smaller environment, you may only have 1 or 2 servers, so that won't be a big deal. I think the role you're trying to focus here is the "Mailbox" role. If you were more worried about a mobile device, I'd say you'd need to look at the Client Access role (the event logs on the server that hosts that role that is).
Because it's Exchange 2010, you'll need to make sure you're looking at the server that holds the correct role. If you're a smaller environment, you may only have 1 or 2 servers, so that won't be a big deal. I think the role you're trying to focus here is the "Mailbox" role. If you were more worried about a mobile device, I'd say you'd need to look at the Client Access role (the event logs on the server that hosts that role that is).
ASKER
Thanks, didn't realize this was in Security Event Log, Log Parser really helpful.
Hope that all worked out for you. Thanks for the grade.