cancel
Showing results for 
Search instead for 
Did you mean: 
layer0
Level 7
Report Inappropriate Content
Message 1 of 4

Exchange datasource on SIEM

Hi,

I had been some troubles trying to integrate a Exchange as Windows on my SIEM 9.3. The Exchange is 2010 on a Windows Server 2008 R2, I read on the product guide that if you have a windows 2008 you just need that your account be in event log reader group.

When I gave domain privilegies to this account, I established communication between receiver and exchange, but I don't have domain privilegies anymore, was just a test.

The event log reader don't function. Could you help me?

3 Replies

Re: Exchange datasource on SIEM

Here is how you need to setup you account for collection:

McAfee KnowledgeBase - How to use a non-Admin account for WMI

Re: Exchange datasource on SIEM

Dear All,

I have the same problems so i just need get logs like WMI? Do i need more configures on exchange settings or just get logs on windows that enough information?

Thanks!

Re: Exchange datasource on SIEM

Hi Smalldog,

It depend on what information you need from the log. If you need who accessed your exchange servers then collect WMI logs from exchange server but if you want to see which source user sent an email to which domain then you need to collect message tracking logs located under C:\ProgramFiles\Exchsrvr\MSGTRKyyyymmdd-nnnn.log.

Regards,

Vinaya