# Microsoft Exchange Logs

## Overview

**Evidence:** Microsoft Exchange Logs\
**Description:** Collect Microsoft Exchange Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** exchl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Microsoft Exchange Server logs track email message flow, client connections, transport events, and search operations. Exchange is a critical enterprise email and collaboration platform frequently targeted by attackers.

## Data Collected

This collector gathers structured data about Microsoft Exchange logs.

## Collection Method

This collector gathers Exchange logs from Logging directories, including transport logs, search diagnostics, ETL traces, and transport role logs.

## Forensic Value

Exchange logs are vital for investigating email-based attacks, data exfiltration, mailbox compromises, and lateral movement. They reveal message tracking, authentication attempts, and suspicious email patterns that may indicate phishing or business email compromise (BEC) attacks.
