So I am looking to add the MSExchange CmdletLogs to our Sentinel
logging. I have the MS Exchange connector running using a WECS collector
and I am successfully collecting log data, specifically the
MSExchangeMailboxAssistants logs. Now I see in the connection mode area
of the event source where you can configure the logs collected under
EventLogQuery and Applications sections. I am fumbling around in the
dark a little bit here, but simply adding the string
Code:
--------------------
SourceName = "MSExchange CmdletLogs"
--------------------
under EventLogQuery and
Code:
--------------------
Application:MSExchange CmdletLogs
--------------------
does not seem to work (I had no hopes that it really would).

Anyone actually done this? The MSExchange CmdletLogs seem to have the
best logs.


--
psmcgovern