Version 1

    Attached is the SolarWinds LEM + LOGbinder EX content for Exchange Auditing. Included is a product integration guide with instructions for deployment and more information about LOGbinder EX.

     

    Files included:

    • Filters
      • FilterGroupLOGbinder EX.swfgrp: a filter group containing 4 real-time filters (and corresponding charts) for monitoring LOGbinder EX Exchange Auditing activity
    • Rules (All are tagged with Activity Type > LOGbinder EX to quickly locate)
      • Admin Audit Log Policy Changed.swrul: a rule for monitoring when the admin audit log policy has been changed
      • Certificate Change.swrul: a rule for monitoring a change involving an Exchange certificate or federation trust certificate
      • Federation Trust Change.swrul: a rule for monitoring federation trust changes
      • IRM Configuration Change.swrul: a rule for monitoring IRM configuration changes
      • Mailbox Audit Log Policy Changed.swrul: a rule for monitoring when the audit log policy is changed on a mailbox
      • Major Configuration Change.swrul: a rule for monitoring major Exchange configuration changes
      • Management Role Change.swrul: a rule for monitoring a management role change
      • Non-owner Mailbox Access.swrul: a rule for monitoring a user accessing another user's mailbox
      • Non-owner Mailbox Access High Volume.swrul: a similar rule for monitoring multiple accesses to different mailboxes
      • Non-Standard Mailbox Client.swrul: a rule for monitoring when a client other than OWA/RPC/Outlook is accessing a mailbox
      • Outlook Protection Rule Change.swrul: a rule for monitoring Outlook protection rule changes
      • Permission Change.swrul: a rule for monitoring permission changes to a Mailbox, Public Folder, or Active Directory object
      • Policy Change.swrul: a rule for monitoring changes to several different types of Exchange/Mailbox policies
      • Transport Configuration.swrul: a rule for monitoring changes to the transport configuration
    • Reports
      • LOGbinder-EX-Admin-Audit-EventIDs.rpt: a report pre-filtered to only show admin audit Event IDs
      • LOGbinder-EX-File-Audit-Events.rpt: a standard LEM File Audit Events report filtered only to LOGbinder EX activity
      • LOGbinder-EX-Machine-Audit.rpt: a standard LEM Machine Audit report filtered only to LOGbinder EX activity
      • LOGbinder-EX-Mailbox-Activity-EventIDs.rpt: a report pre-filtered to only show mailbox activity Event IDs
      • LOGbinder-EX-Resource-Configuration.rpt: a standard LEM Resource Configuration report filtered only to LOGbinder EX activity
    • SolarWinds LEM and LOGbinder Integration Guide.pdf: Document detailing installation instructions and more information about LOGbinder EX