Microsoft Exchange

Description

Constructor: Microsoft
Product: Exchange
Log format: csv

Log sample

Structured log message:

<13> otherserver
2018-10-05T07:16:59.349Z,,server.eu.company.local,,otherserver,1e45d736-1e9c-4575-b646-4935b0f4422e,,SMTP,HARECEIVE,10518374908142,<<867700736.23991538723814276.JavaMail.root@azerty>>,326591dc-ee5d-49ef-98fe-08d62a928a36,Auser-<EXTERNAL@company.com;auser-external@company.com>,,2537,2,,,PI
; Alarm Category - AP; Severity -
Critical,aaa-<prime-infrastructure@company.com>,aaa-<prime-infrastructure@company.com>,,Originating,,,,S:DeliveryPriority=Low;S:PrioritizationReason=ShadowRedundancy;S:AccountForest=company.local,Email,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa,10.10.10.10

Warning

The following content has not been updated to the new Exchange 2016 format and might be outdated; use it with care.

Fields normalization

| Constructor field | LMC field |
|---|---|
| source_context | [exchange][source_context] |
| connector_id | [exchange][connector_id] |
| source | [exchange][source] |
| internal_message_id | [exchange][internal_message_id] |
| message_id | [exchange][message_id] |
| recipient_status | [exchange][recipient_status] |
| recipient_count | [exchange][recipient_count] |
| related_recipient_address | [exchange][related_recipient_address] |
| reference | [exchange][reference] |
| message_subject | [exchange][message_subject] |
| message_global_unique_id | [exchange][message_global_unique_id] |
| return_path | [exchange][return_path] |
| message_info | [exchange][message_info] |
| directionality | [exchange][directionality] |
| tenant_id | [exchange][tenant_id] |
| original_client_ip | [exchange][original_client_ip] |
| original_server_ip | [exchange][original_server_ip] |
| custom_dat | [exchange][custom_dat] |
| u_email | [exchange][u_email] |
| u_global_unique_id | [exchange][u_global_unique_id] |
| u_IP | [exchange][u_IP] |
| client_ip | [init][host][ip] |
| client_hostname | [init][host][name] |
| sender_address | [init][usr][mail] |
| server_ip | [target][host][ip] |
| server_hostname | [target][host][name] |
| recipient_address | [target][usr][mail] |
| event_id | [alarm][name] |
| total_bytes | [session][out][byte] |