Posts Tagged ‘logs’

 

Failed authentication for XXXX, Date: 2019-11-26, Time: 13:26:01 AEDT, IP: X.X.X.X, Application: MfO, Method: IWA, Reason: Wrong password

 

Failed authentication for XXXX, Date: 2019-11-22, Time: 15:13:23 AEDT, IP: X.X.X.X, Application: App Launcher, Method: EWS Basic, Reason: Wrong password

Application: MfO = Mimecast for Outlook

Application: App Launcher = MyApps Webbased portal

Method = IWA ( Intergrated Windows Authentication ) usually from the Mimecast Outlook Add In

Method =  EWS Basic ( Used by Domain Authentication to check onprem ) 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Shout out to Bennis at Bayswater Electrical for this!

Logpaser is seriously good tool to filter through the mess of IIS logs!

https://www.microsoft.com/en-au/download/details.aspx?id=24659

Grab all your ISS log files for the dates you need.

Chuck them in a directory

First command grabs all the .log files into a single csv

logparser.exe -i:iis “select * into c:\temp\merge.log from c:\temp\logs\*” -o:csv

the “–i” option selects the log format  be sure to select the correct format to match your IIS settings. eg, exchange is generally IISW3C.

 

The second command you use to filter out the details you really need, similar to a sql query!

logparser.exe -i:csv “Select username, date, time, target FROM c:\temp\merge.log TO c:\temp\output.csv WHERE RequestType LIKE ‘%get%’ and username is not null”

Use Excel or Notepad ++ to join the results together

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)