All Apps and Add-ons

Splunk App for Exchange - Errors

Kendo213
Communicator
  1. I'm having some issues identifying the problems with my Splunk App for Exchange install. For example, under Client Behavior -> Client Activity, OWA and ActiveSync are green, while EWS and Outlook Anywhere have big yellow exclamation points next to them. If I click on EWS I see data, so I know it's at least working. Outlook Anywhere isn't really in use in this test environment, but it would still be nice to know why these errors appear.

This is spamming the event logs: Cmdlet failed. Cmdlet Search-MailboxAuditLog, parameters {Identity=domain.com/User, LogonTypes={Owner, Delegate, Admin}, ShowDetails=True, StartDate=3/29/2013 10:40:46 AM}.

Cmdlet failed. Cmdlet Search-AdminAuditLog, parameters {StartDate=3/25/2013 9:34:54 PM}.

  1. The reputation portion is now working, but dnsbl.solid.net and singlebl.spamgrouper.com are timing out. Is there a way to edit the list of servers the reputation TA tries to hit?

  2. Another issue is the Non-Owner Mailbox Access Report. I've enabled auditing on a test user per the instructions, however it isn't working (No results found). Anyone ran into this?

  3. Distribution Lists Report is returning no information.

Any tips?

0 Karma

andykiely
Path Finder

You will see an exclaimation mark if there is no data coming into the relevant client activity, I dont use outlook anywhere so mine is the same whereas the other three are green.

To edit the list of reputation servers go into:

.\TA-SMTP-Reputation\bin\check_my_reputation.py and make your amends.

Not sure about your question 2 and question 3 I need an answer myself.

Regards

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...