Is there another way to get admin audit logs for exchange server? because Logbinder is not a free software. We need to buy a license, in addition windows parser that is used to parse logbinder cannot parse all the events.
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
- windows parser
Hi check that all the steps in the event source integration guide has been followed:
I would also check that the version of Exchange is one we officially support.
If there are additional unknown messages then the parser will need to be updated.
The official way is to open a support ticket with examples of the unknown or miss parsed messages.
This will then eventually be updated in a future parser.
The alternative is to modify the parser yourself to parse the messages correctly.
It looks like possible to use another way :
Thanks for sharing this details. But practically, if someone follow this methods, actually not help customer to see un-parsed log after updating parser if it is officially supported.
I have one support case open on 8th October 2015 which is already tagged as RFE. After follow-up, I didn't get any update.