troubleshooting Question

Exchange Logging

Avatar of First Last
First LastFlag for United States of America asked on
ExchangeWindows Server 2003
4 Comments1 Solution543 ViewsLast Modified:
I'm looking for a way to log mailbox access events on an exchange 2003 server.  There was an incident a while back where an IT admin had been inappropriately accessing another employees mailbox.  The reaction was to enable the minimal logging option under the MSExchangeIS\Mailbox\Logons section of the exchange server.  While this does show each access attempt to a mailbox it also created an absurdly large number of events in the log.  This is due to an email archiving solution we use that accesses each mailbox and creates about 4-5 events per second.  I have all my servers, switches, and routers sending their logs to a syslog server and exchange makes up 99.7% of the logs.  In addition all of the IT admins have the username and password to the journaling account making it impossible to identify inappropriate mailbox access.

I'd like to disable the logging since it does not accomplish the intended purpose but I will need to provide another solution which does.  This is where I could use some advice.  Is there a tool which can provide audit information of this kind?  I'm wide open to suggestion on how to solve this problem.
ASKER CERTIFIED SOLUTION
Paul Solovyovsky
Senior IT Advisor
Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros