From bf502e85c9a2dc5ddda72a2504257a17af45dded Mon Sep 17 00:00:00 2001
From: Chris Long <clong@cl0ng.com>
Date: Mon, 29 Mar 2021 20:45:43 -0700
Subject: [PATCH] More Exchange related code

---
 .../splunk_forwarder/exchange_inputs.conf     | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 Vagrant/resources/splunk_forwarder/exchange_inputs.conf

diff --git a/Vagrant/resources/splunk_forwarder/exchange_inputs.conf b/Vagrant/resources/splunk_forwarder/exchange_inputs.conf
new file mode 100644
index 000000000..30f2d2024
--- /dev/null
+++ b/Vagrant/resources/splunk_forwarder/exchange_inputs.conf
@@ -0,0 +1,23 @@
+[monitor://C:\Program Files\Microsoft\Exchange Server\V15\Logging\Ews]
+whitelist=\.log$|\.LOG$
+sourcetype=MSWindows:2016EWS:IIS
+queue=parsingQueue
+index=msexchange
+disabled=false
+initCrcLength=8192
+
+[monitor://C:\inetpub\logs\LogFiles\W3SVC1]
+whitelist=\.log$|\.LOG$
+sourcetype=MSWindows:IIS
+queue=parsingQueue
+index=msexchange
+disabled=false
+initCrcLength=8192
+
+[monitor://C:\inetpub\logs\LogFiles\W3SVC2]
+whitelist=\.log$|\.LOG$
+sourcetype=MSWindows:IIS
+queue=parsingQueue
+index=msexchange
+disabled=false
+initCrcLength=8192
\ No newline at end of file