Outlook Test
Vendor Documentation
https://community.spiceworks.com/topic/2301316-exchange-2013-1000s-of-event-id-6-logs
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| EventID | <vmid> | <vmid> |
| Level | <tag1>, <severity> | <severity> |
| EventRecordID | N/A | <session> |
| Channel | N/A | <vendorinfo> |
| Computer | <dname> | <dname> |
| EventData | <command>, <object>, <protname>, <subject>, <vendorinfo>, <recipient> | <action>, <command>, <tag1>, <login> |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1004240 | Outlook Test | Base Rule | Connection Test | Information |
| Outlook Test Failed : Failed To Find Mailbox | Sub Rule | Bad Destination Mailbox Address | Warning | |
| Outlook Test Failed | Sub Rule | Failed Self Test | Error |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1012590 | V 2.0 : EVID 6 : Cmdlet Failed | Base Rule | Operation Failed | Error |
| V 2.0 : Cmdlet Set Failed | Sub Rule | Process Failed | Error | |
| V 2.0 : Cmdlet Get Failed | Sub Rule | Process Failed | Error | |
| V 2.0 : Cmdlet Add Failed | Sub Rule | Process Failed | Error | |
| V 2.0 : Cmdlet Remove Failed | Sub Rule | Process Failed | Error | |
| V 2.0 : Cmdlet Disable Failed | Sub Rule | Action Failed | Information | |
| V 2.0 : Cmdlet Enable Failed | Sub Rule | Action Failed | Information | |
| V 2.0 : Cmdlet Move Failed | Sub Rule | Action Failed | Information | |
| V 2.0 : Cmdlet Update Failed | Sub Rule | Update Failed | Error | |
| V 2.0 : Cmdlet New Failed | Sub Rule | Process Failed | Error | |
| V 2.0 : Cmdlet Search Failed | Sub Rule | Failed Operation | Warning | |
| V 2.0 : Cmdlet Connect Failed | Sub Rule | Failed Operation | Warning |