Home > Ask the Microsoft Exchange Experts > Richard Luckett: Spam and Security Questions & Answers > Decoding Outlook Web Access log entries
Ask The Exchange Expert: Questions & Answers
EMAIL THIS

Decoding Outlook Web Access log entries

Richard Luckett EXPERT RESPONSE FROM: Richard Luckett

Pose a Question
Other Exchange Categories
Meet all Exchange Experts
Become an Expert for this site


Exchange Server tips, tutorials and expert advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 27 December 2005
I read your expert answer Checking logs for OWA logon attempts. I was wondering if you could point me somewhere that would tell me how to read those logs. I am a little concerned after looking at some of them. For example, I see a lot of lines like this:

GET /exchange/ - 80 - xxx.xxx.x.x Mozilla/4.0 401 2 2148074254. (The x's are replacing an IP address.)

Are these lines normal, or is that someone trying to hack into our system?



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Richard Luckett: Spam and Security
How effective is tracking the IP address of an email hacker?
Why can't I grant users permissions to an Exchange public folder?
How can I configure Exchange IMF to allow an IP address or DNS?
Tool helps identify inbound Exchange Server email flow issues
Configure SMTP relay restrictions in Exchange Server 2003 to stop spam
How to lock down an SMTP relay to prevent spam in Exchange Server 2003
Connecting an Apple iPhone to Exchange Server on Windows SBS 2003
Why does a security alert pop up when accessing Outlook Web Access?
Exchange email sent to a domain using SPF authentication is returned
Selectively set email permissions for Exchange groups

Outlook Web Access
Message date and send times showing incorrectly in Outlook and OWA
Block Web beacons and protect OWA users from spam
OWA 2007 configuration tricks to boost performance
Top 5 Exchange ActiveSync tips
Lock down direct file access and protect OWA users
Simplify an OWA URL on Windows Server 2008
Windows Mobile 6.5 touts Internet Explorer, OWA improvements
When OWA's default configurations aren't good enough
Digging deeper into Exchange Server 2010
Troubleshoot 'System Attendant' error messages in OWA

Microsoft Exchange Server Monitoring and Logging
Analyzing Exchange ActiveSync data from .CSV report files
Top Exchange Server performance monitoring and troubleshooting tools
Extracting Exchange ActiveSync data from IIS log files
How effective is tracking the IP address of an email hacker?
Error message: 'ID no: 8004100e Exchange System Manager'
How to generate HTML reports with the Exchange Management Shell (EMS)
IMAP list command only returns a list of Exchange public folders
A network connection problem or an offline server prevented delivery of the message
Monitor and search Exchange mailboxes for music and video files
How much bandwidth is required to send email in Exchange 2003?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


It is perfectly normal to see a number of GET commands in the IIS World Wide Web Consortium (W3C) logs. Outlook Web Access is extremely log intensive. There will be an overwhelming amount of log entries -- as you've discovered.

The log format is based off of the W3C's extended log file format. For troubleshooting purposes, it is possible to have additional information logged.

In the following example, notice that, in addition to what you are logging, there is also a domain and username being logged:

2005-08-05 00:25:05 192.168.1.11 GKrich.luckett 192.168.1.250 80 GET /exchange - 404 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+DigExt)

Learn more about the format here.

Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:

  • Tip: Exchange Server diagnostics: An introduction to application and system logs
  • Tip: Exchange Server diagnostics: Digging into IIS logs
  • Resource Center: Monitoring and logging tips and resources
  • Free Download: Exchange Server Best Practices Analyzer Tool

    		•



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Outlook Web Access (OWA) Tips and Advice
    HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT Downloads
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2004 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts