Linktheman2003

asked on

Exchange 2010 Audit log performance impact

We are now considering enabling audit logs in our Exchange environment to monitor hard and soft deletions of e-mail. We have 2 main concerns: the performance impact on the Exchange system with the audit logs enabled on the Exchange server, and the amount of space consumed by the audit logs while enabled. Also, should I have other concerns with enabling auditing? From past experience, enabling auditing for prolonged periods has had a detrimental effect on the system. Once enabled, we will be leaving the logging enabled 24x7x365.
ASKER CERTIFIED SOLUTION
Kotteeswaran Rajendran
Linktheman2003

ASKER

I am permanently enabling auditing on the Exchange 2010 SP2 rollup 5 server. It is a single Exchange server with about 100 mailboxes. We are auditing all mailboxes and all users for hard and soft deletes. My boss has 2 concerns. The first is what is the total impact on the server from a performance standpoint (CPU usage, memory consumption, hard drive IOPS...) and total hard drive space consumed yearly. Our Exchange server is virtualized on a Windows 2008 R2 host, so we can get up to quad core processing currently, which we have already enabled, and there is little CPU usage except on the McAfee Security for Microsoft Exchange software we run on it. It has 32GB of RAM set up, but it consumes anywhere from 16-26 GB depending upon load. In 10 years we have consumed about 231GB, where we saw 20GB in the last year alone, to get an idea of how much data we are talking about. I don't know actual IOPS yet. Our concern is to make sure we can tell if a user deletes files and, if so, who did it.

My other question, which has arisen since this post, is how do I change the tombstone life of deleted items. I need to change from the default of 14 days to a longer period of 35 days so that all items will be caught by our monthly offsite backups if we ever have to go back and retrieve them.
I suggest you enable it and monitor it, as performance can differ from server to server. It depends on how you have configured and are using the server, so there is no set answer for this query.
In your case I don't think you will have any issues at all, since the number of users is very small compared to the sizing of your server. Your server can easily handle 3 times the current number of users, and the extra load of auditing will not be 3x more, so I can tell you you will be fine.

What RAID configuration is your database sitting on? Is it on SAN storage or local disk? Are the disks SATA/SCSI?

For the retention period it is easy: just go to Org Config -> Mailbox -> DB management -> right-click Properties on the DB -> Limits and change "keep deleted mailboxes for day(s)".
No hard core proof, but very little impact.
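
The setup discussed in this thread, as an added example that is not part of the original posts: an Exchange Management Shell script (Exchange 2010 SP1 or later) that enables hard and soft delete auditing on every user mailbox, sets deleted item retention to 35 days, and reports how much space the audit entries occupy so growth can be tracked over time. The 90-day audit log age limit, the 7-day search window and the helper name `Get-AuditFolderUsage` are assumptions chosen for illustration.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2010 SP1 or later.
# Assumed values (not from the thread): 90-day audit log age limit, 7-day search window.
$auditActions  = 'HardDelete','SoftDelete'   # the two deletion types the asker wants audited
$auditLogAge   = '90.00:00:00'               # assumption: how long audit entries are kept
$itemRetention = '35.00:00:00'               # 35 days, as requested in the thread

# Collect the mailboxes first so later cmdlets do not run inside an open pipeline.
$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

# 1. Audit deletions by the owner, by delegates and by administrators.
#    Owner actions are not audited unless -AuditOwner is set explicitly.
foreach ($mbx in $mailboxes) {
    Set-Mailbox -Identity $mbx.Identity -AuditEnabled $true `
        -AuditOwner $auditActions -AuditDelegate $auditActions -AuditAdmin $auditActions `
        -AuditLogAgeLimit $auditLogAge
}

# 2. Keep deleted items recoverable for 35 days on every mailbox database.
#    (-MailboxRetention is the separate setting for deleted mailboxes.)
Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention $itemRetention

# 3. Audit entries are stored in the Audits subfolder of Recoverable Items inside
#    each mailbox, so their size is part of the mailbox database. Report it per mailbox.
function Get-AuditFolderUsage {   # hypothetical helper name
    param($Mailboxes)
    foreach ($mbx in $Mailboxes) {
        Get-MailboxFolderStatistics -Identity $mbx.Identity -FolderScope RecoverableItems |
            Where-Object { $_.Name -eq 'Audits' } |
            Select-Object @{n='Mailbox';e={$mbx.DisplayName}}, ItemsInFolder, FolderSize
    }
}
Get-AuditFolderUsage -Mailboxes $mailboxes |
    Sort-Object ItemsInFolder -Descending | Format-Table -AutoSize

# 4. Answer "who deleted it": list audited deletions from the last 7 days.
$since = (Get-Date).AddDays(-7)
foreach ($mbx in $mailboxes) {
    Search-MailboxAuditLog -Identity $mbx.Identity -LogonTypes Owner,Delegate,Admin `
        -ShowDetails -StartDate $since -EndDate (Get-Date) |
        Where-Object { $auditActions -contains "$($_.Operation)" } |
        Select-Object MailboxResolvedOwnerName, Operation, LogonType,
                      LogonUserDisplayName, LastAccessed
}
```

Running step 3 on a schedule and keeping the output gives a measured yearly growth figure for this server rather than an estimate.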