Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

LOGbinder EX Event Collection from Microsoft Exchange Server

 

The JSA DSM for Microsoft Exchange Server can collect LOGbinder EX V2.0 events.

The following table identifies the specifications for the Microsoft Exchange Server DSM when the log source is configured to collect LOGbinder EX events:

Table 1: LOGbinder for Microsoft Exchange Server

Specification

Value

Manufacturer

Microsoft

DSM name

Microsoft Exchange Server

RPM file name

DSM-MicrosoftExchange-JSA_version-build_number.noarch.rpm

Supported versions

LOGbinder EX V2.0

Protocol type

Syslog

LEEF

JSA recorded event types

Admin

Mailbox

Automatically discovered?

Yes

Included identity?

No

More information

Microsoft Exchange website (http://www.office.microsoft.com/en-us/exchange/)

The Microsoft Exchange Server DSM can collect other types of events. For more information on how to configure for other Microsoft Exchange Server event formats, see the Microsoft Exchange Server topic in the Juniper Secure Analytics Configuring DSMs.

To collect LOGbinder events from Microsoft Exchange Server, use the following steps:

  1. If automatic updates are not enabled, download the most recent version of the following RPMs:

    • DSMCommon RPM

    • Microsoft Exchange Server DSM RPM

  2. Configure your LOGbinder EX system to send Microsoft Exchange Server event logs to JSA.

  3. If the log source is not automatically created, add a Microsoft Exchange Server DSM log source on the JSA Console. The following table describes the parameters that require specific values that are required for LOGbinder EX event collection:

    Table 2: Microsoft Exchange Server Log Source Parameters for LOGbinder Event Collection

    Parameter

    Value

    Log Source type

    Microsoft Exchange Server

    Protocol Configuration

    Syslog

Configuring Your LOGbinder EX System to Send Microsoft Exchange Event Logs to JSA

To collect Microsoft Exchange LOGbinder events, you must configure your LOGbinder EX system to send events to JSA.

Configure LOGbinder EX to collect events from your Microsoft Exchange Server. For more information, see your LOGbinder EX documentation.

  1. Open the LOGbinder EX Control Panel.
  2. Double-click Output in the Configure pane.
  3. Choose one of the following options:
    • Configure for Syslog-Generic output:

      1. In the Outputs pane, double-click Syslog-Generic.

      2. Select the Send output to Syslog-Generic check box, and then enter the IP address and port of your JSA Console or Event Collector.

    • Configure for Syslog-LEEF output:

      1. In the Outputs pane, double-click Syslog-LEEF.

      2. Select the Send output to Syslog-LEEF check box, and then enter the IP address and port of your JSA Console or Event Collector.

  4. Click OK.
  5. To restart the LOGbinder service, click the Restart icon.