Hi
One cliente need´s check your email traffic from EXCHANGE solutions. They want´s to know which logs files will can process with spluk for exchange, because explain me that the normally logs for exchange does not contain the ip address and user email information.
It´s possible obtain information of EXCHANGE with other forms?
It is not clear to me exactly what you are asking. The Splunk app for Microsoft Exchange collects the following:
Internet Information Server (IIS) logs for the Exchange servers whose designated roles require IIS
Blackberry Enterprise Server (BES) v5.03 logs
Windows Event logs
Security Logs
Exchange audit logs
Application logs, such as Forefront Protection Services (FPS) security logs
The Splunk App for Exchange collects the following data using scripted inputs:
Performance monitoring data.
Senderbase/reputation data. This feature needs internet access to function, as it looks up the reputation score for your email users.
Topology and Health information
Mailbox Server health and usage information
Here is a link to online documentation for the app so you can get the details you need.
http://docs.splunk.com/Documentation/MSExchange/2.0/DeployMSX/Whatdataarecollected