Configure Log Forwarder in M365 Manager Plus

Your download is in progress and it will be complete in just a few seconds! If you face any issues, download manually here
Manage and Secure Microsoft 365 with
M365 Manager Plus
  • Please enter business email address
  •  
    By clicking 'Download 30-day free trial', you agree to processing of personal data according to the Privacy Policy. You can unsubscribe from our mails at anytime.

M365 Manager Plus' Log Forwarder' option allows you to forward Microsoft 365 audit logs to an external SIEM product or to a Syslog server.

Forwarding logs to Syslog Server:

Syslog is the event logging service in unix systems.You may also use this setting to forward logs to your SIEM's UDP or TCP receiver.

Configuring a Syslog Server:

  • Syslog daemon runs in UDP port 514 by default.
  • The default settings can be modified in the Syslog server's path configurationfile/etc/syslog.conf.
  • Remember to restart Syslog daemon for the changes to take effect.

Steps to enable Syslog logging in M365 Manager Plus:

  • Go to Admin tab.
  • Select General Settings → Log Forwarder in the left pane.
  • Select the Enable Log Forwarding checkbox.
  • Click the Syslog tab.
  • Enter the Syslog Server Name or IP. Ensure that this server is reachable from the server in which M365 Manager Plus is installed.
  • Select the Protocol to be used.
  • Enter the Port number.
  • Select the Syslog Type as required by your SIEM parser from the drop-down.

Forwarding Microsoft 365 logs to an external SIEM product: Splunk HTTP

Steps to configure Splunk HTTP event collector:

  • Login to your Splunk admin account.
  • Select Settings from the top right corner of the Home page.
  • Select Data Inputs under Data.
  • Select HTTP Event Collector under Local inputs.
  • Select New Token.
  • Enter a Name for the token. (Preferably M365 Manager Plus).
  • Customize the rest of the fields if required.
  • Click Next.
  • Customize the Input Settings if required.
  • Click Review.
  • Check your settings and click Submit.
  • Copy and save the value in Token Value field. You will need it to configure M365 Manager Plus.
  • Go to Settings → Data Inputs → HTTP Event Collector
  • Select Global Settings and enable All Tokens.
  • You can customize the HTTP Port Number and rest of the fields if required.
  • Click Save.

Steps to configure M365 Manager Plus:

  • Login to M365 Manager Plus.
  • Go to Admin tab.
  • Select General Settings → Log Forwarder in the left pane.
  • Select the Enable Log Forwarding checkbox.
  • Click the Splunk tab.
  • Enter the Port number of Splunk HTTP Event Collector and Protocol to be used.
  • Enter the Token Value you had copied in step 12 of Splunk configuration in the Authentication Token field.
  • Click Save.

Why businesses choose M365 Manager Plus?

What our customers say

  • We can now effectively reconcile which licenses we are using in the organization and assign the cost to the business unit. We were also able to identify a number of license changes that could be put in place that reduced our total Microsoft 365 spending.

    Timothy Ransom
    Group IT/IS manager at The Eclipse Group, United Arab Emirates

  • M365 Manager Plus is valuable to our future business and, most importantly, it allows me to keep improving the level of service we provide.

    IT infrastructure manager
    Sunstar Suisse S.A.

  • Our firm purchased ManageEngine M365 Manager Plus to help us protect our business from email-borne cyberthreats. We are absolutely satisfied with the features and ease of use. It has surpassed our expectations.

    Insurance agent
    Security and risk management Gartner review

One-stop solution for all your
Microsoft 365 administration needs!

  • Please enter a business email id
  •  
  •  
    By clicking 'Download now', you agree to processing of personal data according to the Privacy Policy.

Thanks!

Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here