There is some information in the Help menu on both configuring and monitoring Exchange Server events using McAfee SIEM. Below is an excerpt, let me know if that helps;
The McAfee Event Receiver data source for Microsoft Exchange server monitors Application Event logs of Microsoft Exchange server and also Message Tracking logs written by Microsoft Exchange server under [Exchange_Home] / [Hostname].log / folder for Exchange 2003 version and [Exchange_Home] /TransportRoles /Logs /MessageTracking/ folder for Exchange 2007 version. For monitoring both the logs complete the steps in the following sections:
• Collect MS Exchange Server Message through Application Event Logs
• Collect MS Exchange Server Message Tracking Logs Remotely
• Granting Privileges to Exchange03\nfeschange User Account to Access WMI Namespace
what about the MS Exchange 2010 and the newest: MS Exchange 2013?
I just submitted Exchange 2013 Audit Parser request, let's see what is response.
I suggest everyone needing it open similar requests to get it prioritized :-)