Scheduling Outlook Web Access Logs Gathering Tasks


This Task collects IIS log files from the Exchange Server and parses the log files for Outlook Web Access (OWA) Logon information. OWA Logon information collected by Exchange Reporter Plus will be used to generate reports like - Log on By Users, Browser based Log on, Client IP based Log on and Server based Log on.

To schedule a New Outlook Web Access Log Gathering Task:

  1. Click on Admin Tab → Task Scheduling → Schedule New Task

  2. Provide a Schedule Name.

  3. Select OWA Logs Gathering Task from the Gathering Tasks drop down.

  4. Select the Schedule Type.

  5. Select the Time.

  6. Select the Log Files Date for which log files will be gathered and parsed.

  7. Click on Add to add Exchange Servers from where IIS logs are to be gathered.

  8. Click on Create.

This will create a new Outlook Web Access Info (IIS) Log  gathering schedule with the above configured settings.

IIS Logs are gathered from Exchange Servers from the default log path. If there is any change in the log path you can update the log path using the "Log Path configuration" option of Exchange Reporter Plus.

 

IIS Log Files Configuration:

 

Some default fields should be available in IIS Log files to extract Outlook Web Access Information. Shown below are the steps to enable logging for IIS6 and IIS7 Servers and also the default fields required for each of these servers..

 

Steps to enable Logging in IIS6 Servers :

  1. On the Taskbar, click Start -->> Control Panel-->>Administrative Tools-->>Internet Information Services (IIS) Manager.

  2. Right Click on Websites-->>Default Web Site and select Properties

  3. Click Properties button under Enable Logging section

  4. Click on Advanced Tab

  5. Ensure that the following fields are selected :

    • date

    • time

    • cs-uri-stem

    • cs-uri-query

    • cs-username

    • c-ip

    • cs(User-Agent)

    • cs(Cookies)

    • sc-status

Steps to enable Logging in  IIS7 Servers:

  1. On the Taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the Connections pane, expand the server name, expand Sites, and then click the Web site on which you want to configure (Default is W3SVC1) logging.

  3. In the Home pane, double-click Logging.

  4. Click on Select Fields

  5. In the W3C Logging Fields ensure that the following fields are selected :

    • date

    • time

    • cs-uri-stem

    • cs-uri-query

    • cs-username

    • c-ip

    • cs(User-Agent)

    • cs(Cookies)

    • sc-status

  6. Click ok and click on Apply in the right hand side pane

 

 

Failed Request Tracing Configuration:

 

Pre-requisite: IIS 7 and above should be installed on the Server After the default installation of IIS 7 or above, install the tracing role service to use failed request tracing. After you install the role service, you still must enable failed request tracing at the site level, application level, or directory level.

 

Step to Install Tracing Role Service:

 

To configure on server,

 

WINDOWS SERVER 2012 OR WINDOWS SERVER 2012 R2

  1. On the taskbar, click Server Manager.

  2. In Server Manager, click the Manage menu, and then click Add Roles and Features.

  3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.

  4. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Health and Diagnostics, and then select Tracing. Click Next.

  5. On the Select features page, click Next.

  6. On the Confirm installation selections page, click Install.

  7. On the Results page, click Close.

WINDOWS 8 OR WINDOWS 8.1

  1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.

  2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.

  3. Expand Internet Information Services, expand World Wide Web Services, expand Health and Diagnostics, and then select Tracing.

  4. Click OK.

  5. Click Close.

WINDOWS SERVER 2008 OR WINDOWS SERVER 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).

  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.

  4. On the Select Role Services page of the Add Role Services Wizard, select Tracing, and then click Next.

  5. On the Confirm Installation Selections page, click Install.

  6. On the Results page, click Close.

WINDOWS VISTA OR WINDOWS 7

  1. On the taskbar, click Start, and then click Control Panel.

  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.

  3. Expand Internet Information Services, then World Wide Web Services, then Health and Diagnostics.

  4. Select Tracing, and then click OK.

 

Steps to Enable Tracing:

  1. Open Internet Information Services (IIS) Manager:

    1. If you are using Windows Server 2012 or Windows Server 2012 R2:

      1. On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

    1. If you are using Windows 8 or Windows 8.1:

      1. Hold down the Windows key, press the letter X, and then click Control Panel.

      2. Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

    1. If you are using Windows Server 2008 or Windows Server 2008 R2:

      1. On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    1. If you are using Windows Vista or Windows 7:

      1. On the taskbar, click Start, and then click Control Panel.

      2. Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

  2. In the Connections pane, select the server connection, site, application, or directory for which you want to configure failed request tracing.

  3. In the Actions pane, click Failed Request Tracing.

  4. In the Edit Web Site Failed Request Tracing Settings dialog box, select the Enable check box to enable tracing, leave the default value or type a new directory where you want to store failed request log files in the Directory box, type the number of failed request trace files you want to store in the Maximum number of trace files box, and then click OK.

 

Steps to Configure Failure Definitions:

  1. Open Internet Information Services (IIS) Manager:

    1. If you are using Windows Server 2012 or Windows Server 2012 R2:

      1. On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

    1. If you are using Windows 8 or Windows 8.1:

      1. Hold down the Windows key, press the letter X, and then click Control Panel.

      2. Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

    1. If you are using Windows Server 2008 or Windows Server 2008 R2:

      1. On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    1. If you are using Windows Vista or Windows 7:

      1. On the taskbar, click Start, and then click Control Panel.

      2. Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

  2. In the Connections pane, select the server connection, site, application, or directory for which you want to configure failed request tracing.

  3. In the Home pane, double-click Failed Request Tracing Rules.

  4. In the Actions pane, click Add.

  5. On the Specify Content to Trace page of the Add Failed Request Tracing Rule Wizard, select the content type you want to trace, and then click Next.

  6. On the Define Trace Conditions page, select the conditions you want to trace, and click Next.

    Trace conditions can include any combination of status codes such as 401, 404, etc, a time limit that a request should take, and/or the event severity.

    Status codes for Access Denied/Logon Failure: 401.1,401.2,401.3,401.4,401.5

    If you specify all conditions, the first condition that is met generates the failed request trace log file. Access more status codes here.

  7. On the Select Trace Providers page, select one or more of the trace providers under Providers or Select "All".

  8. On the Select Trace Providers page, select one or more of the verbosity levels under Verbosity.

  9. If you have selected the ASPNET or WWW Server trace provider in step 7, select one or more functional areas for the provider to trace under Areas of the Select Trace Providers page.

  10. Click Finish.

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine
Get download link