security – Andrea Girardi

Sometime happens to receive some interesting requests from the business like “Hey man, take a look if there are some strange access to our web mail”. This tool it’s really useful for this kind of task: Log Parser Studio

It requires (in this case) a IISW3CLOG and a simple query like that:

SELECT TOP 20 cs-username AS UserID, 
	cs(User-Agent) AS Application, 
	cs-uri-stem AS Vdir,
	c-ip AS CLIENT,
	cs-method,
	COUNT(*)
FROM '[LOGFILEPATH]'
WHERE cs-uri-stem LIKE '%OWA%'
GROUP BY UserID, Application, Vdir, Client, cs-method
ORDER BY COUNT(*) DESC

That’s all!

Andrea Girardi - It's my blog!

Tag: security

Analyzie MS Exchange log

Categories

Blogroll

myFavorites

Random Quote

Tag cloud