diff --git a/Vagrant/resources/splunk_forwarder/exchange_inputs.conf b/Vagrant/resources/splunk_forwarder/exchange_inputs.conf
new file mode 100644
index 000000000..30f2d2024
--- /dev/null
+++ b/Vagrant/resources/splunk_forwarder/exchange_inputs.conf
@@ -0,0 +1,23 @@
+[monitor://C:\Program Files\Microsoft\Exchange Server\V15\Logging\Ews]
+whitelist=\.log$|\.LOG$
+sourcetype=MSWindows:2016EWS:IIS
+queue=parsingQueue
+index=msexchange
+disabled=false
+initCrcLength=8192
+
+[monitor://C:\inetpub\logs\LogFiles\W3SVC1]
+whitelist=\.log$|\.LOG$
+sourcetype=MSWindows:IIS
+queue=parsingQueue
+index=msexchange
+disabled=false
+initCrcLength=8192
+
+[monitor://C:\inetpub\logs\LogFiles\W3SVC2]
+whitelist=\.log$|\.LOG$
+sourcetype=MSWindows:IIS
+queue=parsingQueue
+index=msexchange
+disabled=false
+initCrcLength=8192
\ No newline at end of file