Sometimes the business sends over an interesting request, like “Hey man, take a look if there are some strange access to our web mail”. One tool is really useful for this kind of task: Log Parser Studio.
It requires (in this case) the IISW3CLOG log type and a simple query like this:
SELECT TOP 20
    cs-username AS UserID,
    cs(User-Agent) AS Application,
    cs-uri-stem AS Vdir,
    c-ip AS CLIENT,
    cs-method,
    COUNT(*)
FROM '[LOGFILEPATH]'
WHERE cs-uri-stem LIKE '%OWA%'
GROUP BY UserID, Application, Vdir, Client, cs-method
ORDER BY COUNT(*) DESC
That’s all!
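
The same aggregation without Log Parser Studio, as an added Python example (not part of the original post): it reads the `#Fields` header of an IIS W3C log, counts OWA requests per user, agent, path, client and method like the query above, and goes one step further by listing users seen from more than one client IP. The sample log lines, account names and function names are constructed for illustration, and the case-insensitive match on "owa" is an assumption about the intended filter.

```python
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended format (not real log data).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2024-01-10 08:00:01 GET /owa/ CONTOSO\alice 10.0.0.5 Mozilla/5.0+(Windows+NT+10.0) 200
2024-01-10 08:00:02 POST /owa/auth.owa CONTOSO\alice 10.0.0.5 Mozilla/5.0+(Windows+NT+10.0) 302
2024-01-10 08:00:03 GET /owa/ CONTOSO\alice 10.0.0.5 Mozilla/5.0+(Windows+NT+10.0) 200
2024-01-10 09:15:00 GET /owa/ CONTOSO\alice 203.0.113.7 python-requests/2.31 200
2024-01-10 09:20:00 GET /owa/ CONTOSO\bob 10.0.0.9 Mozilla/5.0+(Windows+NT+10.0) 200
2024-01-10 09:21:00 GET /ecp/ CONTOSO\bob 10.0.0.9 Mozilla/5.0+(Windows+NT+10.0) 200
"""

def parse_w3c(lines):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # IIS may rewrite this header mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or malformed lines
                yield dict(zip(fields, values))

def owa_summary(lines, top=20):
    """Return (top request groups with counts, users seen from more than one client IP)."""
    counts = Counter()
    ips_by_user = defaultdict(set)
    for row in parse_w3c(lines):
        if "owa" not in row.get("cs-uri-stem", "").lower():
            continue
        key = (row["cs-username"], row["cs(User-Agent)"], row["cs-uri-stem"],
               row["c-ip"], row["cs-method"])
        counts[key] += 1
        if row["cs-username"] != "-":          # "-" marks an unauthenticated request
            ips_by_user[row["cs-username"]].add(row["c-ip"])
    multi_ip = {u: sorted(ips) for u, ips in ips_by_user.items() if len(ips) > 1}
    return counts.most_common(top), multi_ip

if __name__ == "__main__":
    rows, multi = owa_summary(SAMPLE_LOG.splitlines())
    for key, n in rows:
        print(n, *key)
    print("users with several client IPs:", multi)
```

To run it on a real log, pass an open file object instead of the sample lines; the log must include the five fields the query selects.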