LOGbinder EX event collection from Microsoft Exchange Server

The IBM QRadar DSM for Microsoft Exchange Server can collect LOGbinder EX V2.0 events.

The following table identifies the specifications for the Microsoft Exchange Server DSM when the log source is configured to collect LOGbinder EX events:
Table 1. LOGbinder for Microsoft Exchange Server

Specification                Value
Manufacturer                 Microsoft
DSM name                     Microsoft Exchange Server
RPM file name                DSM-MicrosoftExchange-QRadar_version-build_number.noarch.rpm
Supported versions           LOGbinder EX V2.0
Protocol type                Syslog, LEEF
QRadar recorded event types  Admin, Mailbox
Automatically discovered?    Yes
Included identity?           No
More information             Microsoft Exchange website (http://www.office.microsoft.com/en-us/exchange/)

The Microsoft Exchange Server DSM can collect other types of events. For more information about configuring other Microsoft Exchange Server event formats, see the Microsoft Exchange Server topic in the DSM Configuration Guide.

To collect LOGbinder events from Microsoft Exchange Server, use the following steps:
  1. If automatic updates are not enabled, download the most recent version of the following RPMs from the IBM® Support Website:
    • DSMCommon RPM
    • Microsoft Exchange Server DSM RPM
  2. Configure your LOGbinder EX system to send Microsoft Exchange Server event logs to QRadar.
  3. If the log source is not automatically created, add a Microsoft Exchange Server DSM log source on the QRadar Console. The following table describes the parameters that require specific values for LOGbinder EX event collection:
    Table 2. Microsoft Exchange Server log source parameters for LOGbinder event collection

    Parameter               Value
    Log Source type         Microsoft Exchange Server
    Protocol Configuration  Syslog
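
When the log source is not discovered automatically, it helps to confirm that what arrives over syslog is well-formed LEEF before changing QRadar settings. The following check is an added example, not IBM or LOGbinder code; it assumes the LEEF 1.0 layout (five pipe-delimited header fields followed by tab-delimited key=value attributes), and the sample lines, vendor and product strings, event IDs, and the use of the cat attribute for the Admin/Mailbox type are constructed placeholders.

```python
import re

# Constructed sample lines, not captured from a real LOGbinder EX system.
# Vendor, product, event IDs and attribute names are placeholders.
SAMPLES = [
    "<13>Jan 10 09:15:02 exch01 LEEF:1.0|ExampleVendor|ExampleProduct|2.0|ADMIN-EVENT|"
    "cat=Admin\tusrName=alice\tcmd=Set-Mailbox",
    "<13>Jan 10 09:15:07 exch01 LEEF:1.0|ExampleVendor|ExampleProduct|2.0|MAILBOX-EVENT|"
    "cat=Mailbox\tusrName=bob",
    "<13>Jan 10 09:15:09 exch01 plain text message without a LEEF header",
    "<13>Jan 10 09:15:11 exch01 LEEF:1.0|ExampleVendor|ExampleProduct|2.0|",  # truncated
]

PRI = re.compile(r"^<(\d{1,3})>")  # syslog priority, valid range 0..191

def parse_leef(line):
    """Return (header, attributes) for a syslog line carrying LEEF 1.0, else raise ValueError."""
    m = PRI.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header in syslog payload")
    parts = line[start:].split("|", 5)  # 5 header fields + attribute body
    if len(parts) != 6:
        raise ValueError("LEEF header is incomplete (expected 5 pipe-delimited fields)")
    version, vendor, product, product_version, event_id, body = parts
    if version != "LEEF:1.0":
        raise ValueError("unsupported LEEF version: " + version)
    if not event_id:
        raise ValueError("empty event ID")
    attrs = {}
    for pair in filter(None, body.split("\t")):  # LEEF 1.0 attributes are tab-delimited
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError("malformed attribute: " + repr(pair))
        attrs[key] = value
    header = {"vendor": vendor, "product": product,
              "product_version": product_version, "event_id": event_id}
    return header, attrs

def check(lines):
    """Classify each line as ('ok', event_id, category) or ('rejected', reason, None)."""
    results = []
    for line in lines:
        try:
            header, attrs = parse_leef(line)
            results.append(("ok", header["event_id"], attrs.get("cat")))
        except ValueError as err:
            results.append(("rejected", str(err), None))
    return results
```

Lines rejected here (plain syslog text, a truncated header) are the ones a LEEF-based log source would not be able to parse into Admin or Mailbox events.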