4 Replies Latest reply on Jun 18, 2015 4:19 AM by davidi

    Monitoring Exchange server application logs in SIEM

      Does anyone have experience with configuring and monitoring Exchange Server application logs in Nitro SIEM? I found (from www.logbinder.com) that three types of logs can be of interest to monitor in SIEM. These are message tracking logs, mailbox audit logs and administrative audit logs. Message tracking logs consume a lot of disk space and don't seem to be very useful. The other two types of logs are useful from a security point of view, but unfortunately they are not written to a log file and third-party software (such as LogBinder) is required to fetch these logs.

       

      Moreover, there is a parser available in Nitro SIEM for Exchange Server, but I have no idea what configuration has to be done first on the Exchange servers (on different roles) and what types of logs this parser supports.