GET /exchange/ - 80 - xxx.xxx.x.x Mozilla/4.0 401 2 2148074254. (The x's are replacing an IP address.)
Are these lines normal, or is that someone trying to hack into our system?
The log format is based off of the W3C's extended log file format. For troubleshooting purposes, it is possible to have additional information logged.
In the following example, notice that, in addition to what you are logging, there is also a domain and username being logged:
2005-08-05 00:25:05 192.168.1.11 GKrich.luckett 192.168.1.250 80 GET /exchange - 404 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+DigExt)
Learn more about the format here.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
Related Q&A from Richard Luckett
Exchange was running low on space, and Outlook asked if I wanted to archive my email messages. What will happen if I do that?continue reading
We need to move more than 20,000 Exchange 2010 public folders to Exchange 2013. What's the best way to do this?continue reading
I'm migrating Exchange 2010 mailboxes to Exchange 2013. How will Outlook clients know the mailboxes moved after the migration?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.