I have been having some trouble trying to integrate an Exchange as Windows on my SIEM 9.3. The Exchange is 2010 on a Windows Server 2008 R2. I read in the product guide that if you have Windows 2008, your account just needs to be in the event log reader group.
When I gave domain privileges to this account, I established communication between the receiver and Exchange, but I don't have domain privileges anymore; it was just a test.
The event log reader doesn't work. Could you help me?
I have the same problems, so do I just need to get logs like WMI? Do I need more configuration in the Exchange settings, or is just getting logs on Windows enough information?
It depends on what information you need from the log. If you need to know who accessed your Exchange servers, then collect WMI logs from the Exchange server, but if you want to see which source user sent an email to which domain, then you need to collect the message tracking logs located under C:\ProgramFiles\Exchsrvr\MSGTRKyyyymmdd-nnnn.log.
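
An added example, not code from any poster in this thread: a Python parser that answers the "which source user sent an email to which domain" question from message tracking logs. It assumes the comma-separated layout with a `#Fields:` header line and the `event-id`, `sender-address` and `recipient-address` columns; the sample log and its addresses are constructed.

```python
import csv
from collections import Counter

# Constructed sample in the message tracking layout (trimmed to a few
# columns; a real log carries more, named on its own "#Fields:" line).
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,event-id,source,recipient-address,sender-address,message-subject
2013-05-02T09:14:03.120Z,RECEIVE,STOREDRIVER,bob@partner.example,alice@corp.example,"Q2 report, draft"
2013-05-02T09:14:03.480Z,SEND,SMTP,bob@partner.example,alice@corp.example,"Q2 report, draft"
2013-05-02T09:20:11.005Z,SEND,SMTP,carol@partner.example;dan@other.example,alice@corp.example,Minutes
2013-05-02T09:31:45.900Z,SEND,SMTP,eve@other.example,mallory@corp.example,Hello
2013-05-02T09:40:00.000Z,FAIL,ROUTING,nobody@invalid.example,alice@corp.example,Bounce
"""

def parse_tracking_log(lines):
    """Yield one dict per record, keyed by the names on the #Fields: line."""
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
        elif line and not line.startswith("#") and fields:
            row = next(csv.reader([line]))   # handles quoted subjects with commas
            if len(row) == len(fields):      # skip truncated or torn lines
                yield dict(zip(fields, row))

def sender_to_domain(lines, event="SEND"):
    """Count (sender, recipient domain) pairs for one event-id."""
    counts = Counter()
    for rec in parse_tracking_log(lines):
        if rec.get("event-id") != event:
            continue
        sender = rec.get("sender-address", "").lower()
        # recipient-address holds several addresses separated by ';'
        for rcpt in rec.get("recipient-address", "").split(";"):
            if "@" in rcpt:
                counts[(sender, rcpt.rsplit("@", 1)[1].lower())] += 1
    return counts

if __name__ == "__main__":
    for (sender, domain), n in sorted(sender_to_domain(SAMPLE_LOG.splitlines()).items()):
        print(f"{sender} -> {domain}: {n}")
```

Filtering on a single `event-id` keeps one message from being counted once per hop it takes through the transport pipeline.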