Open leighcurranTW opened 1 month ago
FYI, @v-prasadboke
Hi @v-prasadboke, @v-sudkharat, I confirm that the XPath information is not good. The good value is "MSExchange Management!*". So in connector documentation it has to be "MSExchange Management".
Got it @nlepagnez, working on it
Hi @v-prasadboke, the XPath will be corrected in the pull request #11049
The data connector for the Exchange Admin and Audit Log Events uses 'MS Exchange Management' as the log name when it should be 'MSExchange Management'. For example: Click Add Windows event log and enter MS Exchange Management as log name.
To reproduce the issue, install the Exchange On-Premises solution and try to configure:
[Option 1] MS Exchange Management Log collection > Data Collection Rules - When the legacy Azure Log Analytics Agent is used > Configure the logs to be collected.
And
[Option 1] MS Exchange Management Log collection > Data Collection Rules - When Azure Monitor Agent is used > Option 2 - Manual Deployment of Azure Automation.
An example of the event name (which is used correctly in the parsers etc. through the solution already):
Lines 212 and 232 in ESI-ExchangeAdminAuditLogEvents.json
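
Added example, not part of the original issue or of the solution's own code: a small check that splits `Channel!XPath` entries such as the `MSExchange Management!*` value quoted in this thread and flags a channel name that differs from a known channel only by spacing or case, which is the mistake reported here. The function names and the channel list are constructed for illustration.

```python
# Added example: function names and sample data are constructed for illustration.

def split_dcr_xpath(entry):
    """Split a 'Channel!XPath' entry into (channel, xpath)."""
    # Split on the first '!' only, so an XPath containing '!=' stays intact.
    channel, sep, xpath = entry.partition("!")
    if not sep or not channel.strip() or not xpath.strip():
        raise ValueError(f"not in 'Channel!XPath' form: {entry!r}")
    return channel, xpath


def _squash(name):
    # Compare names ignoring case and whitespace to catch near misses.
    return "".join(name.split()).casefold()


def check_channels(entries, known_channels):
    """Return (entry, status, suggestion) tuples for each entry.

    status is 'ok', 'near-miss' (differs only by spacing or case),
    'unknown' (no similar channel) or 'malformed' (no 'Channel!XPath' form).
    """
    exact = set(known_channels)
    by_squashed = {_squash(c): c for c in known_channels}
    results = []
    for entry in entries:
        try:
            channel, _ = split_dcr_xpath(entry)
        except ValueError:
            results.append((entry, "malformed", None))
            continue
        if channel in exact:
            results.append((entry, "ok", None))
        elif _squash(channel) in by_squashed:
            results.append((entry, "near-miss", by_squashed[_squash(channel)]))
        else:
            results.append((entry, "unknown", None))
    return results


# Constructed channel list; on a real host it could be exported with `wevtutil el`.
KNOWN = ["Application", "Security", "System", "MSExchange Management"]
# Constructed entries: the corrected value, the misspelled one, and a bare name.
SAMPLE = ["MSExchange Management!*", "MS Exchange Management!*", "MSExchange Management"]

if __name__ == "__main__":
    for entry, status, hint in check_channels(SAMPLE, KNOWN):
        suffix = f" -> use {hint!r}" if hint else ""
        print(f"{status:10} {entry!r}{suffix}")
```
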