Search IIS logs for ActiveSync data for specific user accounts.

Scenario: You want to find ActiveSync activity for specific users that is stored in IIS logs on the Exchange Servers.

Using LogParser you can edit and run the following command:

logparser “Select * from ‘servernamec$inetpublogslogfilesw3svc1*.log’ Where cs-uri-stem LIKE ‘%Microsoft-Server-ActiveSync%’ AND (cs-uri-query LIKE ‘%username1%’ OR cs-uri-query LIKE ‘%username2%’)” -i:IISW3C -q:on >FilePathfilename.txt

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

Related

Leave a Reply Cancel reply