GET /exchange/ - 80 - xxx.xxx.x.x Mozilla/4.0 401 2 2148074254. (The x's are replacing an IP address.)
Are these lines normal, or is that someone trying to hack into our system?
The log format is based off of the W3C's extended log file format. For troubleshooting purposes, it is possible to have additional information logged.
In the following example, notice that, in addition to what you are logging, there is also a domain and username being logged:
2005-08-05 00:25:05 192.168.1.11 GKrich.luckett 192.168.1.250 80 GET /exchange - 404 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+DigExt)
Learn more about the format here.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
Dig Deeper on Outlook management
Related Q&A from Richard Luckett
Some folders in a mailbox on Exchange Server 2013 are not showing up on the folder list in the OWA virtual directory but do appear in other views. Continue Reading
We have a Client Access Server and Mailbox Server on Exchange 2013 and we want to install an Edge Transport role on another machine. I joined the ... Continue Reading
How can I enable Outlook Anywhere to allow internal use for all users and external use for only some users in Exchange 2013? Continue Reading