Microsoft Exchange¶

Description¶

Constructor : Microsoft
Product : Exchange
Log format : csv

Log sample¶

Structured log message :

<13> otherserver
2018-10-05T07:16:59.349Z,,server.eu.company.local,,otherserver,1e45d736-1e9c-4575-b646-4935b0f4422e,,SMTP,HARECEIVE,10518374908142,<<867700736.23991538723814276.JavaMail.root@azerty>>,326591dc-ee5d-49ef-98fe-08d62a928a36,Auser-<EXTERNAL@company.com;auser-external@company.com>,,2537,2,,,PI
; Alarm Category - AP; Severity -
Critical,aaa-<prime-infrastructure@company.com>,aaa-<prime-infrastructure@company.com>,,Originating,,,,S:DeliveryPriority=Low;S:PrioritizationReason=ShadowRedundancy;S:AccountForest=company.local,Email,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa,10.10.10.10

Warning

The following content has not been updated to Exchange 2016 new format and might be outdated, be careful.

Fields normalization¶

Constructor field	LMC field
source_context	[exchange][source_context]
connector_id	[exchange][connector_id]
source	[exchange][source]
internal_message_id	[exchange][internal_message_id]
message_id	[exchange][message_id]
recipient_status	[exchange][recipient_status]
recipient_count	[exchange][recipient_count]
related_recipient_address	[exchange][related_recipient_address]
reference	[exchange][reference]
message_subject	[exchange][message_subject]
message_global_unique_id	[exchange][message_global_unique_id
return_path	[exchange][return_path]
message_info	[exchange][message_info]
directionality	[exchange][directionality]
tenant_id	[exchange][tenant_id]
original_client_ip	[exchange][original_client_ip]
original_server_ip	[exchange][original_server_ip]
custom_dat	[exchange][custom_dat]
u_email	[exchange][u_email]
u_global_unique_id	[exchange][u_global_unique_id]
u_IP	[exchange][u_IP]
client_ip	[init][host][ip]
client_hostname	[init][host][name]
sender_address	[init][usr][mail]
server_ip	[target][host][ip]
server_hostname	[target][host][name]
recipient_address	[target][usr][mail]
event_id	[alarm][name]
total_bytes	[session][out][byte]