Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Microsoft Exchange Server Log Source Configuration Options

 

Use this reference information to configure the WinCollect plug-in for Microsoft Exchange Server.

Supported versions

WinCollect supports the following versions of Microsoft Exchange :

  • Microsoft Exchange 2003

  • Microsoft Exchange 2007

  • Microsoft Exchange 2010

  • Microsoft Exchange 2013

  • Microsoft Exchange 2016

  • Microsoft Exchange 2019

Table 1: Microsoft Exchange Server protocol parameters

Parameter

Description

Log Source Type

Microsoft Exchange Server

Protocol Configuration

WinCollect Microsoft Exchange

Local System

The WinCollect agent must be installed on the Microsoft Exchange Server.

The log source uses local system credentials to collect and forward events to the JSA.

Ensure that the firewalls that are located between the Exchange Server and the remote host allow traffic on the following ports:

  • TCP port 135 for Microsoft Endpoint Mapper.

  • UDP port 137 for NetBIOS name service.

  • UDP port 138 for NetBIOS datagram service.

  • TCP port 139 for NetBIOS session service.

  • TCP port 445 for Microsoft Directory Services to transfer files across a Windows share.

For more information about Microsoft Exchange log source configuration, see the Configuring DSMs Guide.

The Exchange Server OWA event logs that are monitored by WinCollect are defined by the directory path that you specify in your WinCollect Exchange Server log source. Microsoft Exchange writes to two directories: W3SVC1 and W3SVC2. The Microsoft Exchange plug-in monitors all recursive files under the C:\inetpub\logs\LogFiles\ directory.

Table 2: Default OWA directory paths for Microsoft Exchange Server events

Collection type

Root log directory

Local

C:\inetpub\logs\LogFiles\W3SVC1

Remote

\\<Exchange_Server_IP address>\c$\inetpub\logs\LogFiles\W3SVC1

The Exchange Server Message Tracking event logs that are monitored by WinCollect are defined by the directory path that you specify in your WinCollect Exchange Server log source.

Table 3: Default Message Tracking directory paths for Microsoft Exchange Server events

Collection type

Root log directory

Local

C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking

Remote

\\<Exchange_Server_IP address>\C$ \Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking

Table 4: Default SMTP/Mail directory paths for Microsoft Exchange Server events.

Collection type

Root log directory

Local

C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog

Remote

\\<Exchange_Server_IP address>\C$ \Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub \ProtocolLog