LOGbinder EX event collection from Microsoft Exchange Server
The IBM QRadar DSM for Microsoft Exchange Server can collect LOGbinder EX V2.0 events.
The following table identifies the specifications for the Microsoft Exchange Server DSM when the log source is configured to collect LOGbinder EX events:
Specification | Value |
---|---|
Manufacturer | Microsoft |
DSM name | Microsoft Exchange Server |
RPM file name | DSM-MicrosoftExchange-QRadar_version-build_number.noarch.rpm |
Supported versions | LOGbinder EX V2.0 |
Protocol type | Syslog LEEF |
QRadar recorded event types |
Admin Mailbox |
Automatically discovered? | Yes |
Included identity? | No |
More information | Microsoft Exchange website (http://www.office.microsoft.com/en-us/exchange/) |
The Microsoft Exchange Server DSM can collect other types of events. For more information on how to configure for other Microsoft Exchange Server event formats, see the Microsoft Exchange Server topic in the DSM Configuration Guide.
To collect LOGbinder events from Microsoft Exchange Server, use the following steps:
- If automatic updates are not enabled, download the most recent version of the
following RPMs from the IBM® Support Website:
- DSMCommon RPM
- Microsoft Exchange Server DSM RPM
- Configure your LOGbinder EX system to send Microsoft Exchange Server event logs to QRadar.
- If the log source is not automatically created, add a Microsoft Exchange Server DSM log source on the QRadar
Console. The following table describes the parameters that require specific
values that are required for LOGbinder EX event collection:
Table 2. Microsoft Exchange Server log source parameters for LOGbinder event collection Parameter Value Log Source type Microsoft Exchange Server Protocol Configuration Syslog