souljoy
Level 7

Microsoft Exchange Integration using Receiver

Dear all,

Recently we upgraded our SIEM from 9.5 to 9.6; however, we are facing an issue with Exchange logs integration. Before the upgrade we were getting logs from the Exchange server; it was retrieving the logs from the MessageTracking$ share using CIFS. However, there is a bug in 9.6 which will not allow log retrieval using CIFS if the share name has '$' in it.

Now we have changed the share name to 'MessageTracking', but we are still unable to retrieve logs; it's giving an error saying "Notok username specified with no parameter". Has anyone faced the same type of issue, or does anyone know how to get Exchange logs using the receiver?

I know we can use SIEM Collector to get logs and it's working now; however, I would like to use the receiver for log retrieval due to some technical difficulties in using SIEM Collector.

Thanks in advance!

Regards,

Soul Joy

0 Kudos
1 Reply
craecraecrae
Level 7

Re: Microsoft Exchange Integration using Receiver

Hi

I have been seeing the same error also.

The issue for me was with the credentials of the Data Source.

For username I had

username = DOMAIN\userid

However once I removed the domain

username = userid

It worked successfully and I was able to retrieve CIFS logs from a Windows server.

I hope this helps.

Cheers,

craecraecrae

0 Kudos