Office 365 Message Tracking is a collection of metadata about email messages sent and received within an organization, which contains information such as:
- Status (for example, pending or delivered).
In addition to auditing, these logs can help identify messages that were delayed or failed to deliver.
The System Monitor Agent can import Office 365 Message Tracking logs into LogRhythm for analysis. This document explains how to configure the collection of Office 365 Message Tracking logs using the Web Console's cloud-to-cloud functionality. This feature is available only to LRCloud customers.
Before configuring collection from O365, do the following:
- Make sure that the customer is an LRCloud customer and has their environment hosted.
- Ensure that you have a valid username and password for connecting to the Office 365 reports API.
- Check if you have the required permissions in O365 to use message trace search.
Initialize the Logs Source
- Log in to the Web Console as a Restricted Administrator User.
- On the top navigation bar, click the Administration icon and select Cloud Log Collection.
- At the top of the Cloud Log Collection page, click New Log Source.
The New cloud log collection dialog box appears.
- Select the Office 365 Message Tracking SYSMON AGENT tile.
The Add Office 365 Message Tracking Log Source window appears.
Enter the following details:
Name Enter the name for this log source. Description (Optional) Enter a description for this log source. Username
Enter the username of the Office 365 Admin account. If the username is an email ID, make sure that you enter the complete address.
Password Enter the specified username.
- Click Save.
A new active log source is created and accepted in the Client Console with the provided information. Collection should start automatically in few minutes.
The Platform Manager hosts all the log sources. It is recommended to create a new host entity and move the log source to the new host, which is done in the log source properties screen and not from the log source grid.
For security, the values entered are encrypted using LRCrypt.
Default Config Values for Office 365 Message Tracking Log Source