This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SolarWinds-LEM-LOGbinder-EX-Content.zip

FormerMember
FormerMember

Attached is the SolarWinds LEM + LOGbinder EX content for Exchange Auditing. Included is a product integration guide with instructions for deployment and more information about LOGbinder EX.

Files included:

  • Filters
    • FilterGroupLOGbinder EX.swfgrp: a filter group containing 4 real-time filters (and corresponding charts) for monitoring LOGbinder EX Exchange Auditing activity
  • Rules (All are tagged with Activity Type > LOGbinder EX to quickly locate)
    • Admin Audit Log Policy Changed.swrul: a rule for monitoring when the admin audit log policy has been changed
    • Certificate Change.swrul: a rule for monitoring a change involving an Exchange certificate or federation trust certificate
    • Federation Trust Change.swrul: a rule for monitoring federation trust changes
    • IRM Configuration Change.swrul: a rule for monitoring IRM configuration changes
    • Mailbox Audit Log Policy Changed.swrul: a rule for monitoring when the audit log policy is changed on a mailbox
    • Major Configuration Change.swrul: a rule for monitoring major Exchange configuration changes
    • Management Role Change.swrul: a rule for monitoring a management role change
    • Non-owner Mailbox Access.swrul: a rule for monitoring a user accessing another user's mailbox
    • Non-owner Mailbox Access High Volume.swrul: a similar rule for monitoring multiple accesses to different mailboxes
    • Non-Standard Mailbox Client.swrul: a rule for monitoring when a client other than OWA/RPC/Outlook is accessing a mailbox
    • Outlook Protection Rule Change.swrul: a rule for monitoring Outlook protection rule changes
    • Permission Change.swrul: a rule for monitoring permission changes to a Mailbox, Public Folder, or Active Directory object
    • Policy Change.swrul: a rule for monitoring changes to several different types of Exchange/Mailbox policies
    • Transport Configuration.swrul: a rule for monitoring changes to the transport configuration
  • Reports
    • LOGbinder-EX-Admin-Audit-EventIDs.rpt: a report pre-filtered to only show admin audit Event IDs
    • LOGbinder-EX-File-Audit-Events.rpt: a standard LEM File Audit Events report filtered only to LOGbinder EX activity
    • LOGbinder-EX-Machine-Audit.rpt: a standard LEM Machine Audit report filtered only to LOGbinder EX activity
    • LOGbinder-EX-Mailbox-Activity-EventIDs.rpt: a report pre-filtered to only show mailbox activity Event IDs
    • LOGbinder-EX-Resource-Configuration.rpt: a standard LEM Resource Configuration report filtered only to LOGbinder EX activity
  • SolarWinds LEM and LOGbinder Integration Guide.pdf: Document detailing installation instructions and more information about LOGbinder EX
SolarWinds-LEM-LOGbinder-EX-Content.zip