We need to ensure that logging is enabled in IIS for the virtual directory (owa by default).
Typically the logs will be kept in:
%SystemDrive%\inetpub\logs\LogFiles
We will use a utility called "Log Parser" by Microsoft that will help us present the logs in a human readable format:
http://www.microsoft.com/en-gb/download/details.aspx?id=24659
Within the log folder you will find a number of folders in the following fashion:
W3SVCX
(Where X is equal to the website number in IIS)
"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" -i:iisw3c -o:csv "select * into c:\log\merge.log from "C:\inetpub\logs\LogFiles\W3SVC1\u_xxxxxxxx.log"
To extract OWA logs we can use the following:
"C:\Program Files (x86)\Log Parser 2.2\LogParser" -i:csv "SELECT cs-username, date, time, c-ip, sc-status, cs-uri-stem, cs(User-Agent) FROM C:\log\merge.log TO C:\log\Output.csv WHERE (cs-method LIKE '%get%' and cs-uri-stem LIKE '%owa%')"
To extract EWS logs we can use the following:
"C:\Program Files (x86)\Log Parser 2.2\LogParser" -i:csv "SELECT cs-username, date, time, c-ip, sc-status, cs-uri-stem, cs(User-Agent) FROM C:\log\merge.log TO C:\log\Output.csv WHERE (cs-method LIKE '%post%' and cs-uri-stem LIKE '%Microsoft-Server-ActiveSync%')"
No comments:
Post a Comment