Exchange 2010/2013 Message Tracking Logs

Compatible With
  • Nagios Log Server
License
GPL
Files:
  • Exchange Message Tracking Logs-1508391614806

This dashboard monitors the Message Tracking Logs in Exchange 2010 onwards.

I can't take credit for developing this, I just adapted it for NLS - Original creator here: https://elijahpaul.co.uk/analysing-exchange-2013-message-tracking-logs-using-elk-elasticsearch-logstash-kibana/

_________________________________________
Set up an Input on NLS with the following:

tcp {
    type => 'exchange'
    port => 5141
}

______________________________________________________
Install NXLog on the Exchange CAS and add the following to its conf file:

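# V14 is the Exchange 2010 install path; Exchange 2013 installs under V15.
define BASEDIR C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking

<Input in_exchange>
    Module  im_file
    File    '%BASEDIR%\MSGTRK????????*-*.LOG'
    SavePos TRUE
    # Drop health-probe traffic and the '#' header lines of each log file.
    Exec    if $raw_event =~ /HealthMailbox/ drop();
    Exec    if $raw_event =~ /^#/ drop();
    Exec    $type = 'Exchange';
</Input>

<Output out_exchange>
    Module  om_tcp
    Host    host.ip.address.here
    Port    5141
    Exec    $SyslogFacilityValue = 2;
    Exec    $SourceName = 'Exchange';
</Output>

# The route name is arbitrary; any unique name works.
<Route exchange>
    Path    in_exchange => out_exchange
</Route>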



________________________________________________
Set up a filter on NLS with the following:


if [type] == 'exchange' {
    csv {
        add_tag => [ 'exh_msg_trk' ]
        columns => [ 'date-time', 'client-ip', 'client-hostname', 'server-ip', 'server-hostname', 'source-context', 'connector-id', 'source', 'event-id', 'internal-message-id', 'message-id', 'recipient-address', 'recipient-status', 'total-bytes', 'recipient-count', 'related-recipient-address', 'reference', 'message-subject', 'sender-address', 'return-path', 'message-info', 'directionality', 'tenant-id', 'original-client-ip', 'original-server-ip', 'custom-data' ]
        separator => ','
        remove_field => [ 'date-time' ]
    }
    grok {
        match => [ 'message', '%{TIMESTAMP_ISO8601:timestamp}' ]
    }
    mutate {
        convert => [ 'total-bytes', 'integer' ]
        convert => [ 'recipient-count', 'integer' ]
        split => [ 'recipient-address', ';' ]
        split => [ 'source-context', ';' ]
        split => [ 'custom-data', ';' ]
    }
    if '_csvparsefailure' in [tags] {
        drop { }
    }
    if '_grokparsefailure' in [tags] {
        drop { }
    }
}
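
The following Python sketch is an added example, not part of the original dashboard or its author's code: it applies the same drop rules and column list as the NXLog and filter configuration above to constructed sample lines, so you can check how a tracking-log line will be split before shipping it. The function name, the exact-column-count check and the sample data are assumptions of this example.

```python
import csv
import io

# Column order copied from the csv filter on this page.
COLUMNS = [
    'date-time', 'client-ip', 'client-hostname', 'server-ip', 'server-hostname',
    'source-context', 'connector-id', 'source', 'event-id', 'internal-message-id',
    'message-id', 'recipient-address', 'recipient-status', 'total-bytes',
    'recipient-count', 'related-recipient-address', 'reference', 'message-subject',
    'sender-address', 'return-path', 'message-info', 'directionality', 'tenant-id',
    'original-client-ip', 'original-server-ip', 'custom-data',
]
INT_FIELDS = ('total-bytes', 'recipient-count')
SPLIT_FIELDS = ('recipient-address', 'source-context', 'custom-data')


def parse_tracking_line(line):
    """Return an event dict, or None where this sketch drops the line."""
    # NXLog side: '#' header lines and HealthMailbox probe traffic are dropped.
    if line.startswith('#') or 'HealthMailbox' in line:
        return None
    row = next(csv.reader(io.StringIO(line)), None)
    # Assumption of this sketch: require exactly 26 columns, which is
    # stricter than the Logstash csv filter.
    if row is None or len(row) != len(COLUMNS):
        return None
    event = dict(zip(COLUMNS, row))
    event['timestamp'] = event.pop('date-time')  # filter keeps it as 'timestamp'
    for name in INT_FIELDS:
        # Assumption: a non-numeric value becomes None here.
        event[name] = int(event[name]) if event[name].isdigit() else None
    for name in SPLIT_FIELDS:
        # An empty value becomes an empty list here.
        event[name] = event[name].split(';') if event[name] else []
    return event


# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '#Fields: date-time,client-ip,client-hostname',
    '2017-10-19T05:41:00.000Z,,,,EXCH01,,,STOREDRIVER,DELIVER,43,,HealthMailbox01@example.com',
    '2017-10-19T05:40:14.806Z,192.0.2.10,mail.example.com,192.0.2.20,EXCH01,'
    '08D4A;2017-10-19T05:40:13.000Z,EXCH01\\Default EXCH01,SMTP,RECEIVE,42,'
    '<abc123@example.com>,alice@example.org;bob@example.org,,5120,2,,,'
    '"Q3 report, final",carol@example.com,carol@example.com,,Incoming,,,,',
    '2017-10-19T05:42:00.000Z,192.0.2.10,mail.example.com',  # truncated line
]

EVENTS = [e for e in map(parse_tracking_line, SAMPLE) if e is not None]
```

Only the third sample line survives; its quoted subject keeps its comma, which is why the tracking log has to be parsed as CSV rather than split on every comma.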


_____________________________________________________
NOTES:
You will need to modify the "Host" value in the NXLog conf file.
You will need to modify the query strings in the attached JSON file to match your server/client hostnames and your "connector-id", so that they match your Exchange config.
You will need to make sure Message Tracking Logging is turned on in Exchange; search online if you are unsure how to do this.
You will need to open port 5141 on the NLS firewall so the Exchange server can connect.
You can use UDP if you prefer.