First Last
asked on
Exchange Logging
I'm looking for a way to log mailbox access events on an exchange 2003 server. There was an incident a while back where an IT admin had been inappropriately accessing another employees mailbox. The reaction was to enable the minimal logging option under the MSExchangeIS\Mailbox\Logon s section of the exchange server. While this does show each access attempt to a mailbox it also created an absurdly large number of events in the log. This is due to an email archiving solution we use that accesses each mailbox and creates about 4-5 events per second. I have all my servers, switches, and routers sending their logs to a syslog server and exchange makes up 99.7% of the logs. In addition all of the IT admins have the username and password to the journaling account making it impossible to identify inappropriate mailbox access.
I'd like to disable the logging since it does not accomplish the intended purpose but I will need to provide another solution which does. This is where I could use some advice. Is there a tool which can provide audit information of this kind? I'm wide open to suggestion on how to solve this problem.
I'd like to disable the logging since it does not accomplish the intended purpose but I will need to provide another solution which does. This is where I could use some advice. Is there a tool which can provide audit information of this kind? I'm wide open to suggestion on how to solve this problem.
and the action you are looking for is
Non-
Owner
Mailbox
Access audit
Non-
Owner
Mailbox
Access audit
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Agreed, One of the products in the PDF i provided has change auditor :) but they are not the only one in the market. they have at least 4 :)
google search it, it only have roughly 4 products in the market will do what you want. and it comes with a hefty price
this is the one i am reading
http://www.windowsitpro.com/content/content/129991/129991_Table1.pdf from http://www.windowsitpro.com/article/exchange-server/buyer-s-guide-exchange-server-auditing-software-129991