locked
Parse OWA (W3SVC1) logs into report RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User531388329 posted

    Hi all...

    My boss' [soon to be ex] wife has been reading his email.  I've already confirmed this by browsing the W3SVC1 logs.

    I need to parse all existing W3SVC1 logs and filter into a report ONLY the connections to his account.  The report must include the date/time of connection, the IP address that originated the connect, and any browser type information available in the logs.  Reason for the browser type need is to confirm the source (she is using AOL via an Apple computer).

    I installed the MS Log Parser tool and toyed with some querys to collect the info, but its obviously outside my abilities .

    Can anyone help with the Log Parser query statement?

    Thanks in advance.

    Tuesday, August 21, 2007 2:21 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User531388329 posted

    Ended up figuring this one out.

    In case someone else ever needs to build a similar query...

    LogParser "SELECT date, time, c-ip, cs-uri-stem, cs(User-Agent) FROM C:\Windows\System32\LogFiles\W3SVC1\ex*.log TO Output.csv WHERE cs-uri-stem LIKE '%Username%'"

    Probably crude, but it got the job done. 

     

    Thursday, April 27, 2006 12:57 AM