For the last year and a half I've been using the (540) logs to generate 'exchange usage' reports, mainly for OWA. These logs were availible in the event viewer/security and appeared as 540 event type.
For some reason this loggin stopped about a week ago.
It's been a while since I set this up... but I went into System Manager, right clicked on the server and checked MSExchangeIS/Mailbox. The logging level for Logons, Access Control Send As, etc (three others) are all set to either MAX or MIN.
The only record currently in the security log is from EARLY this morning... 'The audit log was cleared'. (It was, by me)
Any idea HOW to troubleshoot this?
Nothing has changed, but logging seems to have stopped?