ShopLiftin
asked on
Symantec Vault and Microsoft Exchange Journaling Email Auditing
I'm sure this has been done, I'm just facing difficulties locating an answer.
I'm using Exchange 2003 and Symantec Vault 9.0. The vault mailbox archiving has been excellent and I'm happy with the results, but now I have added Journaling to the Exchange Server and the Vault server and I'm a bit stumped.
I need to be able to search the Journaling Mailbox on the Vault for quarterly audits based on keywords.
I can see the Journal Mailbox using OWA, but the problem is that the Journaled emails are all attachments and therefore the message bodies cannot be search via OWA.
I cannot attach to the Journal mailbox in Enterprise Vault, I just get a message, "You can not search as you are not subscribed to any vaults".
I did use the "Journaling Task" on Vault for the Journal mailbox. I don't know if this has different rules for search and recovery than normal user mailboxes.
I'm already getting nervous about the size. Journaling has been on for 1 day and the mailbox is 150MB with the EV task running. That would put me at 1 GB/week and I can't sustain that on the exchange server. I'll need to purge the journal messages from Exchange when the EV task runs.
I was thinking that maybe I should redo the journaling as a normal mailbox in Enterprise Vault to make it easier to search. What do you think?
I apologize for not putting Enterprise Vault in the "zones" but it wasn't listed.
Thanks!
I'm using Exchange 2003 and Symantec Vault 9.0. The vault mailbox archiving has been excellent and I'm happy with the results, but now I have added Journaling to the Exchange Server and the Vault server and I'm a bit stumped.
I need to be able to search the Journaling Mailbox on the Vault for quarterly audits based on keywords.
I can see the Journal Mailbox using OWA, but the problem is that the Journaled emails are all attachments and therefore the message bodies cannot be search via OWA.
I cannot attach to the Journal mailbox in Enterprise Vault, I just get a message, "You can not search as you are not subscribed to any vaults".
I did use the "Journaling Task" on Vault for the Journal mailbox. I don't know if this has different rules for search and recovery than normal user mailboxes.
I'm already getting nervous about the size. Journaling has been on for 1 day and the mailbox is 150MB with the EV task running. That would put me at 1 GB/week and I can't sustain that on the exchange server. I'll need to purge the journal messages from Exchange when the EV task runs.
I was thinking that maybe I should redo the journaling as a normal mailbox in Enterprise Vault to make it easier to search. What do you think?
I apologize for not putting Enterprise Vault in the "zones" but it wasn't listed.
Thanks!
Busbar
Journaling and auditing feature are not done in Exchange unless oyu use Exchange 2010, those features are builtin in Exchange 2010, if you want to do it in Exchange 2003 then you must use other third party solution.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Paulsolov,
You are right. It is 8, the 9.0 was a type error.
Thanks, adding permissions to the Archive itself was certainly the answer I was looking for.
I'm in a ESX environment and have plenty of space, but I will eventually lock down the partition, create a new one and make a disk backup of the current partition.
Thanks for the assist!
Chris
You are right. It is 8, the 9.0 was a type error.
Thanks, adding permissions to the Archive itself was certainly the answer I was looking for.
I'm in a ESX environment and have plenty of space, but I will eventually lock down the partition, create a new one and make a disk backup of the current partition.
Thanks for the assist!
Chris
No problem. 90% of our installs are on VI3/vSphere. Just keep in mind that the ingestion rate is a little slower but retrieval is about the same. Once everyone is ingested your delta is only 1 day worth.
Setup ISIS, (vault store sharing), it will save you a lot of space in the long run.
Setup ISIS, (vault store sharing), it will save you a lot of space in the long run.
ASKER
Paulsolov was right on the money with his answer.