First you’ll need to install Log Parser Studio. I won’t go over the install process in this article, but recommend reading the Exchange Blog here. They cover everything you need to know about the product.
You can either create a new query or just copy an existing. I just copied and existing, much easer and puts in the right category.
1. On the Library Tab locate EWS: Top 20 Users
2. Click on the lock to make the content editable and add the information below.
SELECT TOP 20000 cs-username AS UserID,
cs(User-Agent) AS Application,
cs-uri-stem AS Vdir,
c-ip AS CLIENT,
WHERE cs-uri-stem LIKE ‘%EWS%’ AND cs(User-Agent) LIKE ‘%Mac%’
GROUP BY UserID, Application, Vdir, Client, cs-method
ORDER BY COUNT(*) DESC
3. Now you just need to copy all your IIS logs from all your CAS servers to a central location and run the new query. I like to run these on my virtual desktop.
That’s it. 🙂