Recently we upgraded our SIEM from 9.5 to 9.6; however, we are facing an issue with Exchange logs integration. Before the upgrade we were getting logs from the Exchange server; it was retrieving the logs from the MessageTracking$ share using CIFS. However, there is a bug in 9.6 which will not allow log retrieval using CIFS if the share name has '$' in it.
Now we have changed the share name to 'MessageTracking', but we are still unable to retrieve logs; it's giving an error saying "Notok username specified with no parameter". Has anyone faced the same type of issue? Or does anyone know how to get Exchange logs using the receiver?
I know we can use SIEM Collector to get logs and it's working now; however, I would like to use the receiver for log retrieval due to some technical difficulties in using SIEM Collector.
Thanks in advance!
I have been seeing the same error also.
The issue for me was with the credentials of the Data Source.
For username I had
username = DOMAIN\userid
However once I removed the domain
username = userid
It worked successfully and I was able to retrieve CIFS logs from a Windows server.
I hope this helps.