locked
SharePoint IIS Log for CS-USERNAME blank? RRS feed

  • Question

  • User-149623670 posted
    We have a SharePoint site which has "Anonymous Authentication" disabled, however our logs show thousands of blank entries for CS-USERNAME. For example, a popular article got 11087 hits yesterday, but LogParser states that 9791 of those hits are blank in the log. What's going on here? Is it search? What could be accessing SharePoint anonymously if it's not enabled? (Our company doesn't have 10000 employees, so I don't think it's employees clicking on the link).
    Tuesday, November 15, 2011 8:25 PM

All replies

  • User-149623670 posted
    Further to this: I ran log parser again grouped-by the C-IP (IP Address) and 9258 hits (with blank CS-USERNAME) came from a mystery IP address. I pinged my Infrastructure team and it turns out that it was a proxy server for another one of our businesses. When I dig deeper, some have valid CS-USERNAME entries, but most are blank and are usually: - Microsoft+Office+Existence+Discovery - Microsoft+Office+Protocol+Discovery - Mozilla/4.0+(compatible;+MS+FrontPage+12.0) - MSFrontPage/12.0 ... and are often 401's. This article seems to explain the annoying issue - users with Frontpage extensions: http://blogs.msdn.com/b/vsofficedeveloper/archive/2008/03/11/office-existence-discovery-protocol.aspx I guess I'll just filter out blank CS-USERNAME entries in our logs, or perhaps it should just be 401s?
    Tuesday, November 15, 2011 8:53 PM
  • User-149623670 posted
    Seems the easiest fix is simply to add this WHERE condition to LogParser: WHERE CS-USERNAME IS NOT NULL
    Tuesday, November 15, 2011 11:07 PM