Solved

Unable to receive the logs from O365?


Using LogPoint to fetch logs from Microsoft Office 365, but unable to receive the logs of emails (like email delivery etc.) except the mail delivery fail logs.

Able to fetch the logs like:

- Mail delivery failure

Not able to receive the logs like:

- Mail delivered

Any suggestion? Any Solution?


Best answer by Prakash 13 April 2022, 20:16


17 replies


Hi Prakash,

If you are looking for Exchange Online Message Tracking logs:

"13.04.2022 16:15:31","123@logpoint.com","234@logpoint.com","sss","Delivered","1.1.1.1","13457","<2022@logpoint.com>"
"13.04.2022 16:16:19","123@logpoint.com","234@logpoint.com","sss","Failed","1.1.1.1","46808","<2022@logpoint.com>"

Have a look at the logpoint documentation:

Appendix — Office365 latest documentation (logpoint.com)

 

Best Regards,

Johann

Hi Johann,

Thank you for replying in the comments.

We have an environment where LogPoint is already integrated with Office 365 via Azure Active Directory API integration.

We are able to receive the logs related to DLP and Message Failure, but the issue we are facing is that the email delivery logs, email pending, email forwarding etc. are not received in the LogPoint application.

Are there any settings (permissions) that need to be enabled in Office 365 Azure Active Directory to receive those logs in the LogPoint application?

I hope you can help me by replying in the comments with genuine answers. Thank you.

Regards,

Prakash Chhetry

 

https://www.logpoint.com/en/product/supported-log-sources/

 

Also, in this document it is clearly mentioned that: "Keep your confidential critical information safe by monitoring email activity for Exchange online, including attachments and other media within the emails"

But in my environment no logs related to email delivery are received in LogPoint except email failure.

Hi LogPoint Community,

I have tried to reach the Technical Team but was unable to reach them, thus I posted the issue here. Without getting a proper response and proper solution, the issue is marked as solved.

Can anyone help me on the issue raised?

 

After integrating with O365, only the logs related to DLP and email failure are received. Other logs are not received. Is there any expert out in the community who could suggest some possible solutions for this issue?


Hi Prakash. 

It looks like we should engage LogPoint Support in this case. We will reach out to you on the e-mail you sent.

Regards,

Brian Hansen, LogPoint 


Hi Prakash,

Please provide me your sct email address so that I can provide you access to our service desk for immediate support.

Thanks,
Basudev, LogPoint Nepal

Hi Basudev Raut,

This is to inform you that I am not an employee of the particular company. We have deployed Office 365, where the LogPoint application was integrated later.

Checking the LogPoint application, only the logs related to DLP are received. Now, there is confusion about whether the blocking is from the Office 365 side or from the LogPoint application. On my last visit to the company, I tried to get help from the LogPoint team but could not get an exact answer on which feature needs to be enabled in Office 365 to get those logs.

Now I came to know that all the logs are received in another organization (another organization where LogPoint is integrated with Office 365, deployed by LogPoint) where DLP policies are not implemented by the LogPoint team.

Thus, I wanted to know if you could help me with which features need to be enabled in Office 365 to get those logs. It would be great if you could provide the steps in the attachments.

I think sharing my personal email address here in the comments is not a good idea and could be against the community standard. Thus, I request you to provide me your support email address in the comments so that I can contact you personally. Also, if possible, you can provide the details here in the comments. Thank you.

 

Regards,

Prakash


Hi Brian Hansen,

Thank you for replying in the comments.

 

Regards,

Prakash


Hi Prakash,

After checking the support history, I came to know that the logs are being received in LogPoint instance, that vividly assures that the LogPoint is not blocking logs. The issue might be associated with the permissions required in the O365 environment. I’d strongly suggest you to involve SCT employees to raise support tickets to get some help since it might require configuration check from the Admin Privilege. In the meantime, I will involve our local Partner to facilitate this and ensure customer has access to our service desk (alternatively, you could raise ticket via email: support@logpoint.com). Talk to you over the support session.


Thanks,
Basudev
 

 

Hi Basudev,

Thank you for assuring that there is no blocking of logs from the application side. Can you please suggest which permissions need to be allowed in O365 to receive those logs?

 

Regards,

Prakash


Hi Prakash,


Did you follow this document?
https://docs.logpoint.com/docs/office365/en/latest/Configuring%20the%20Application.html 

From this link, you would be able to get stepwise configuration on Azure part as well. This step is to configure access so that O365 fetcher can obtain access to the logs. Here, a new app registration is created and provided read permission and public access to LogPoint.

Please go through the above link once, if any confusion, we can have session to understand those as well over the support ticket. But this should be enough for Azure side Configuration.

Reference: https://docs.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory

 

API reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#working-with-the-office-365-management-activity-api

Thanks,
Basudev


Hi Prakash,

Please follow below documentation for Message tracking logs:
https://docs.logpoint.com/docs/office365/en/latest/Appendix.html#appendix

 

Thanks,
Basudev

Hi Basudev,

Thank you for providing all the details.

I had a talk with an employee of the company. According to them, the integration part was done by the LogPoint vendor itself, following the attached PDF document. I have asked the concerned company staff to raise the ticket at the email address provided. As per them, the ticket was already raised to LogPoint through the vendor itself. Please have a look at it and help in solving the issue ASAP. Thank you.

Regards,

Prakash

Hi Basudev,

I hope you are doing well.

Can you please provide me the command used in the script to fetch the logs?
Example: Get-MessageTrace, Get-DlpDetailReport, Get-DlpDetectionsReport or any other commands.

I will then connect to Exchange Online and Security and Compliance Center PowerShell and check whether I am able to run the command or not.

 

Regards,

Prakash

Hi Prakash, we are on it and will get back to you asap :) @Basudev Raut 


Hi Prakash,

We are working with the customer directly over the support ticket. I think it’s good we deal with this over the support channel for better tracking. Please coordinate with the team accordingly. For your query, you may try Get-MessageTrace over PowerShell.

 

Thanks,
Basudev
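
An added example, not part of any post in this thread and not LogPoint's fetcher script: one way to use `Get-MessageTrace` to check whether the tenant itself reports `Delivered` events, which separates an Office 365 side gap from a collection gap. It assumes the ExchangeOnlineManagement module is installed; the admin UPN, the two-day window and the output file name are placeholders.

```powershell
# Added example. Placeholder account; it needs rights to run message traces.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com' -ShowBanner:$false

$end      = Get-Date
$start    = $end.AddDays(-2)   # Get-MessageTrace only covers the last 10 days
$pageSize = 5000               # maximum page size the cmdlet accepts
$page     = 1
$all      = @()

# Page through the results; a short page means the last page was reached.
do {
    $batch = @(Get-MessageTrace -StartDate $start -EndDate $end `
                                -PageSize $pageSize -Page $page)
    $all  += $batch
    $page++
} while ($batch.Count -eq $pageSize)

# How many events of each status does Exchange Online itself report?
$all | Group-Object Status |
    Sort-Object Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize

$delivered = @($all | Where-Object Status -eq 'Delivered')
if ($delivered.Count -eq 0) {
    Write-Warning 'No Delivered events in the trace window: check the Office 365 side first.'
} else {
    Write-Output "$($delivered.Count) Delivered events found: compare this with what the SIEM received."
}

# Export for comparison with the collected logs. The column choice resembles
# the sample lines quoted earlier in the thread; that mapping is an assumption.
$all | Select-Object Received, SenderAddress, RecipientAddress, Subject,
                     Status, FromIP, Size, MessageId |
    Export-Csv -Path .\messagetrace-check.csv -NoTypeInformation

Disconnect-ExchangeOnline -Confirm:$false
```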
