Thursday 26 March 2015

Monitoring and debugging Outlook Web Access with IIS

We need to ensure that logging is enabled in IIS for the virtual directory (owa by default).

Typically the logs will be kept in:
%SystemDrive%\inetpub\logs\LogFiles

We will use a utility called "Log Parser" by Microsoft that will help us present the logs in a human readable format:
http://www.microsoft.com/en-gb/download/details.aspx?id=24659

Within the log folder you will find a number of folders in the following fashion:

W3SVCX

(Where X is equal to the website number in IIS)

"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" -i:iisw3c -o:csv "select * into c:\log\merge.log from "C:\inetpub\logs\LogFiles\W3SVC1\u_xxxxxxxx.log"

To extract OWA logs we can use the following:

"C:\Program Files (x86)\Log Parser 2.2\LogParser" -i:csv "SELECT cs-username, date, time, c-ip, sc-status, cs-uri-stem, cs(User-Agent) FROM C:\log\merge.log TO C:\log\Output.csv WHERE (cs-method LIKE '%get%' and cs-uri-stem LIKE '%owa%')"

To extract EWS logs we can use the following:
"C:\Program Files (x86)\Log Parser 2.2\LogParser" -i:csv "SELECT cs-username, date, time, c-ip, sc-status, cs-uri-stem, cs(User-Agent) FROM C:\log\merge.log TO C:\log\Output.csv WHERE (cs-method LIKE '%post%' and cs-uri-stem LIKE '%Microsoft-Server-ActiveSync%')"

0 comments:

Post a Comment