Help for Understanding and Using Exchange Audit
"Comparing Exchange Server's 3 Audit Logs for Security and SIEM Integration"
explains the 3 logs in Exchange Server that are valuable to security. Only one
of the logs, message tracking, is directly accessible by SIEM/log management solutions.
The other 2 audit logs, administrator and mailbox access, are stored internally
within Exchange mailboxes.
LOGbinder EX™ collects the mailbox audit logs through efficient use of the Exchange
management API and then parses the cryptic Exchange audit log data and formats it
into 11 easy-to-read messages delivered to your SIEM via several possible channels.
Using Exchange’s management API, LOGbinder EX™ collects the hidden administrator
audit log files from its internal special mailbox, parses the log data, and formats
it into more than 400 easy-to-read messages delivered to your SIEM. You can then
use the pre-built LOGbinder™ content packages to track audit log events within SIEM
solutions from participating SIEM Synergy Partners.
There is a lot of information in Randy's Exchange section at UltimateWindowsSecurity.com.