I'm looking for a way to log mailbox access events on an exchange 2003 server. There was an incident a while back where an IT admin had been inappropriately accessing another employees mailbox. The reaction was to enable the minimal logging option under the MSExchangeIS\Mailbox\Logons section of the exchange server. While this does show each access attempt to a mailbox it also created an absurdly large number of events in the log. This is due to an email archiving solution we use that accesses each mailbox and creates about 4-5 events per second. I have all my servers, switches, and routers sending their logs to a syslog server and exchange makes up 99.7% of the logs. In addition all of the IT admins have the username and password to the journaling account making it impossible to identify inappropriate mailbox access.
I'd like to disable the logging since it does not accomplish the intended purpose but I will need to provide another solution which does. This is where I could use some advice. Is there a tool which can provide audit information of this kind? I'm wide open to suggestion on how to solve this problem.