Microsoft Exchange Integration (Epilog)

Microsoft Exchange Integration (Epilog)

 

Message Tracking Logs; can be used for forensics, e-mail flow analysis, reporting and troubleshooting.

These logs are set as default when Exchange is installed.

The related log file is saved under C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking directory as default.


1. Open Exchange Management Console application.

2. At Server Configuration > Hub Transport part, open Properties via right-clicking to the server.

1.JPG


 

3. You must be sure that Enable Message Tracking Log option is active in Log Setting tab. If it is activated, then log files will be saved to the indicated directory in the below part.

 

2.JPG


Note : You can download Epilog software via link below and follow the steps below mentioned. 

http://www.intersectalliance.com/download.html?link=http://prdownloads.sourceforge.net/snare/EpilogSetup-1.6.0-MultiArch.exe 

After downloading the link, installation can be performed on the machine which Microsoft Exchange Server is installed. 

Access to Epilog Software : Type localhost:6162 to the URL part in Web Browser. 

 

4. Click Network Configuration tab. 

Destination Snare Server address : Enter Logsign IP address.
Destination Port : Enter 514 port because it will send the logs via Syslog.  
SYSLOG Facility : Local 0 is selected.
SYSLOG Priority : Information is selected. 

 

 

 

epilog09.jpg

 

5. In the Log Configuration part, you will select the folder to extract logs and also select the log file. 

Select Log Type : Custom Event Log is selected. 
Log File or Directory : Enter the folder that keeps Microsoft Exchange logs. If it is changed and you keep the logs under different folder, you must select that folder. 
Log Name Format : The log file should be entered with its extension. 

(If you write as *.log it will be automatically set the current date and you do not need to change the date manually.)

 4.JPG

6. Finally, save the changes that you made and restart the service.

3-3.png

 

7. Select Data Input > Device List from Settings menu. Click Add New Source button in the opening window.


8. Microsoft Exchange Server sends log via Syslog, so select Syslog option.

 


 9. Select Microsoft > Microsoft Exchange Plug-in from the list.

 

 

10. Microsoft Exchange Server version is selected. 

 

11. Select the separated log format (it is comma as default) and enter a description and a label to your source, then click to Save button. Hereby, your log source is added. 

 

Have more questions? Submit a request

Comments