2
responses
responses
Austin Downing
Currently we are sending our Exchange 2013 logs to our Graylog server using the CSV converter built into Graylog. We parse based on the following fields in 2013.
Fields $date-time,$client-ip,$client-hostname,$server-ip,$server-hostname,$source-context,$connector-id,$source,$event-id,$internal-message-id,$message-id,$network-message-id,$recipient-address,$recipient-status,$total-bytes,$recipient-count,$related-recipient-address,$reference,$message-subject,$sender-address,$return-path,$message-info,$directionality,$tenant-id,$original-client-ip,$original-server-ip,$custom-data
FieldTypes Datetime,ip4addr,String,ip4addr,String,String,String,String,String,String,String,String,String,String,Integer,String,String,String,String,String,String,String,String,String,ip4addr,ip4addr,String`
When I use these strings to parse Exchange 2016 logs I am unable to breakup the data within the CSV being sent. It appears that some fields changed but I don't know what the fields should be labeled or what type of field they are.
Does anyone have a working Exchange 2016 Message Tracking exporter for NXLog-CE?
Comments (1)
BTW, there is a section in our User Guide about collecting Exchange Message Tracking logs, see
Example 230. Using xm_csv for Message Tracking Logs.