Instructions for Exchange Admin Audit Log Events Data Connector has incorrect log names (Exchange On-Premises Solution) #10960
Assignees
Labels
Connector
Connector specialty review needed
Comments
|
FYI, @v-prasadboke |
|
Hi @v-prasadboke , @v-sudkharat, I confirm that the XPath information is not good. The good value is "MSExchange Management!*" So in connector documentation it has to be "MSExchange Management" |
|
Got it @nlepagnez, Working on it |
|
Hi @v-prasadboke, the XPath will be corrected in the pull request #11049 |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The data connector for the Exchange Admin and Audit Log Events uses 'MS Exchange Management' as the log name when it should be 'MSExchange Management'. For example: Click Add Windows event log and enter MS Exchange Management as log name.
To reproduce the issue, install the Exchange On-Premises solution and try to configure:
[Option 1] MS Exchange Management Log collection > Data Collection Rules - When the legacy Azure Log Analytics Agent is used > Configure the logs to be collected.
And
[Option 1] MS Exchange Management Log collection > Data Collection Rules - When Azure Monitor Agent is used > Option 2 - Manual Deployment of Azure Automation.
An example of the event name (Which is used correctly in the parsers etc through the solution already):
Line 212 and 232 in ESI-ExchangeAdminAuditLogEvents.json
The text was updated successfully, but these errors were encountered: