Hi,

I have the need to detect basic authentication logons on our exchange on-prem system.

we have deployed the TA add-on for Exchange but it does not monitor a log file where I found the information I needed.

The log files are located in the path E:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Mapi

I thought to add one stanza to monitor the log files in there but I don't know which source type should I use for it. I wonder if someone already create one that could be shared.

[monitor://E:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Mapi]
whitelist=\.log$|\.LOG$
time_before_close = 0
sourcetype= ???????????????
queue=parsingQueue
index=msexchange
disabled=false

many thanks.