Microsoft Exchange Server log source parameters for Microsoft Exchange
If QRadar does not automatically detect the log source, add a Microsoft Exchange log source on the QRadar Console by using the Microsoft Exchange Server protocol.
When using the Microsoft Exchange Server protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Microsoft Exchange Server events from Microsoft Exchange:
Parameter | Value |
---|---|
Log Source type | Microsoft Exchange Server |
Protocol Configuration | Microsoft Exchange |
Log Source Identifier | The IP address or host name to identify the Windows Exchange event source in the QRadar user interface. |
SMTP Log Folder Path | The directory path to access the SMTP log files. Use one of the following directory paths: |
OWA Log Folder Path | The directory path to access the OWA log files. Use one of the following directory paths: |
MSGTRK Log Folder Path | The directory path to access message tracking log files. Message tracking is only available on Microsoft Exchange 2007 servers assigned the Hub Transport, Mailbox, or Edge Transport server role. Use one of the following directory paths: |
For a complete list of Microsoft Exchange Server protocol parameters and their values, see Microsoft Exchange protocol configuration options.