GET /exchange/ - 80 - xxx.xxx.x.x Mozilla/4.0 401 2 2148074254. (The x's are replacing an IP address.)
Are these lines normal, or is that someone trying to hack into our system?
The log format is based off of the W3C's extended log file format. For troubleshooting purposes, it is possible to have additional information logged.
In the following example, notice that, in addition to what you are logging, there is also a domain and username being logged:
2005-08-05 00:25:05 192.168.1.11 GKrich.luckett 192.168.1.250 80 GET /exchange - 404 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+DigExt)
Learn more about the format here.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
Dig deeper on Outlook Web Access
Related Q&A from Richard Luckett
There are a number of actions to take to implement OWA security, including obvious ones like creating strong password policies. Admins should also ...continue reading
Our resident Microsoft Lync expert explains where to find IP phones that are compatible with Microsoft Lync Server.continue reading
While Cisco IP phones are not directly compatible with Microsoft Lync Server, there are ways to make them compatible. Lync guru Richard Luckett ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.