Gathering information from logs and any other spources for Security issue:
Hi all,I just received a request to urgently get the following information fromour logs going back 10 days:*OWA logins on that user's account * IMAP logins on that user's account * MAPI logins on that user's account * emails sent from that user's accountWe use ISA 2006 for our OWA authentication and we allow IMAP access for all users should they decide to use this. I am trying to figure out the best way to approach this and to provide what is being requested. I have IMAP logging enabled but it only reports on todays activity, so am I right in thinkingthe following:--for IMAP, Iwill have to restore the logs from the other 9 days and then use Log Parser to somehow collate the information? --For OWA logons I would check the ISA logs over the 10 days for this user and then go from there, does that sound correct? --Not sure about MAPI connections, any advice--Email tracking I can use to list email sent and received.
September 25th, 2009 2:47pm

see if this can help you How to monitor mailbox access by auditing or by viewing Mailbox Resources in Exchange Server http://support.microsoft.com/kb/867640 Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
Free Windows Admin Tool Kit Click here and download it now
September 25th, 2009 6:43pm

Thanks Vinod, I probably should have mentioned that this was in a pure Exchange 2007 environment.i can get all the other info, but for IMAP I cant get anything from ISA due to the encryption level so i have to concentrate on either the Internal DC's or the IMAP logs on the CAS boxes. I'd prefer not to have to focus on the latter because we have many more CAS boxes than we have DC's. So if i can validate the authenticaton coming from an IMAP user using the DC's that would be brilliant (we also keep at least a months worth of Event logs locally on our DC's so wont havr to revert back to Backups as we would with the CAS boxes).
September 25th, 2009 6:53pm

HiHave you seen below?http://blogcastrepository.com/blogs/0_to_60_in_a_fortnight/archive/2007/05/03/when-did-a-user-last-logon-to-their-exchange-2007-mailbox-and-how-do-i-use-powershell.aspxVinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
Free Windows Admin Tool Kit Click here and download it now
September 25th, 2009 7:02pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics