Random Quote

De la musique avant toute chose

— P. Verlaine

security

July 4, 2013

Analyzie MS Exchange log

Sometime happens to receive some interesting requests from the business like “Hey man, take a look if there are some strange access to our web mail”. This tool it’s really useful for this kind of task: Log Parser Studio

It requires (in this case) a IISW3CLOG and a simple query like that:

SELECT TOP 20 cs-username AS UserID, 
	cs(User-Agent) AS Application, 
	cs-uri-stem AS Vdir,
	c-ip AS CLIENT,
	cs-method,
	COUNT(*)
FROM '[LOGFILEPATH]'
WHERE cs-uri-stem LIKE '%OWA%'
GROUP BY UserID, Application, Vdir, Client, cs-method
ORDER BY COUNT(*) DESC

That’s all!

echo $BRAIN_STUFF

Oh my God, like Mozart and Johnny Knoxville, my genius can not be stopped – HS

Random Quote

Stack Exchange

Instagram

giandrea77

Categories

Pages

security

Analyzie MS Exchange log

Categories

echo $BRAIN_STUFF

Oh my God, like Mozart and Johnny Knoxville, my genius can not be stopped – HS

Random Quote

Stack Exchange

Instagram

giandrea77

Tags

Categories

Pages

security

Analyzie MS Exchange log

Share this:

Categories