How to correlate reverse proxy server (Windows) server IIS logs and Exchange IIS logs for user access and mail send.

Rafiul Islam 21 Reputation points
2024-04-26T05:22:41.61+00:00

Hi all,

I need help regarding an analysis of an event that took place in our organization. One email ID has sent an email to all users inside the org, and we need to track it down. We have logs from the Exchange server (IIS), message tracking, and the reverse proxy server for external access.

Scenario:

  1. The Exchange IIS log and reverse proxy timestamps are not similar.
  2. Auditing is enabled for the user but is not showing any logs.
  3. The reverse proxy server is showing multiple Device ID connections.

How can we correlate the logs to find from which session the mail was sent and using which device?

Need help on this urgently.

Exchange | Exchange Server | Management
Exchange | Other

1 answer

  1. Anonymous
    2024-04-26T09:09:42.1866667+00:00

    Hello @Rafiul islam,

    To track which session an email was sent from and which device was used to send the email through Exchange IIS logs, you need to capture and analyze specific log entries related to the send email action and session. It is recommended that you refer to the following links:

    https://serverfault.com/questions/947930/exchange-2016-how-to-audit-mailbox-user-access-to-get-their-ip

    Third-party contact disclaimer  

    Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information. 
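
An added example, not part of the original question or answer: one way to do the correlation the question asks about, assuming the mail was sent over Exchange ActiveSync (where the IIS query string carries Cmd, User, DeviceId and DeviceType) and that both servers write W3C logs with the fields shown. The log lines, user name, device IDs, addresses and the 45-second clock skew are constructed sample values, and the function names are hypothetical.

```python
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed sample logs (not from the original post). IIS W3C logs are UTC by default.
EAS = "/Microsoft-Server-ActiveSync/default.eas"
EXCHANGE_LOG = f"""#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-04-25 09:14:40 10.0.0.5 POST {EAS} Cmd=Sync&User=jdoe&DeviceId=DEVAAA111&DeviceType=iPhone 200
2024-04-25 09:15:02 10.0.0.5 POST {EAS} Cmd=SendMail&User=jdoe&DeviceId=DEVBBB222&DeviceType=Android 200
"""
# The proxy clock in this sample runs 45 seconds behind the Exchange server.
PROXY_LOG = f"""#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-04-25 09:13:55 198.51.100.7 POST {EAS} Cmd=Sync&User=jdoe&DeviceId=DEVAAA111&DeviceType=iPhone 200
2024-04-25 09:14:17 203.0.113.24 POST {EAS} Cmd=SendMail&User=jdoe&DeviceId=DEVBBB222&DeviceType=Android 200
"""

def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the #Fields: names."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split(" ")))
            row["ts"] = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            query = parse_qs(row.get("cs-uri-query", ""))
            row["q"] = {k.lower(): v[0] for k, v in query.items()}
            rows.append(row)
    return rows

def is_send(row, user):
    """True for an ActiveSync SendMail request made by the given user."""
    return row["q"].get("cmd") == "SendMail" and row["q"].get("user", "").lower() == user.lower()

def correlate(exchange_log, proxy_log, user, sent_at_utc, window_s=120, proxy_skew_s=0):
    """Find the user's SendMail requests near sent_at_utc and the proxy entry for each."""
    window, skew = timedelta(seconds=window_s), timedelta(seconds=proxy_skew_s)
    proxy_sends = [p for p in parse_w3c(proxy_log) if is_send(p, user)]
    results = []
    for ex in parse_w3c(exchange_log):
        if not is_send(ex, user) or abs(ex["ts"] - sent_at_utc) > window:
            continue
        device = ex["q"].get("deviceid")
        # Same device, nearest in time after adding the measured skew to proxy time.
        same = [p for p in proxy_sends if p["q"].get("deviceid") == device]
        near = min(same, key=lambda p: abs(p["ts"] + skew - ex["ts"]), default=None)
        if near is not None and abs(near["ts"] + skew - ex["ts"]) > window:
            near = None
        results.append({"device_id": device, "device_type": ex["q"].get("devicetype"),
                        "exchange_time": ex["ts"], "client_ip": near["c-ip"] if near else None})
    return results
```

Here `sent_at_utc` is the send time taken from message tracking, converted to UTC. The `client_ip` returned comes from the proxy log, because the Exchange IIS log records only the proxy's internal address for the same request.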

