I have LOGbinder for Exchange installed on my on-prem Exchange server and configured to direct the audit XML files to my personal mailbox (for now). I am seeing the logs come through en masse on a regular basis and they get shuffled off to my "Deleted" folder quite quickly. So I gather that LOGbinder is doing as expected.
What I'm looking to do now is integrate what LOGbinder for Exchange is doing with my Splunk install on a separate server in our domain. I have Supercharger and Splunk installed on a single server separate from our Exchange install and need some direction on getting the logs & events pushed up into Splunk. I've tried finding documentation and following the tutorial video here, but I can't seem to connect the two.
Below are screenshots of my LOGbinder for Exchange setup.
Default Mailbox Audit Policy
LOGbinder EX Event Log Setup
Syslog Generic (File) Setup