?
Solved

Exchange 2010 Audit log performance impact

Posted on 2013-01-09
7
Medium Priority
?
2,110 Views
Last Modified: 2013-12-06
We are now considering enabling audit logs in exchange environment to monitor hard and soft deletions of e-mail.  We have 2 main concerns.  The performance impact of the exchange system with the audit logs enabled on the exchange server and the amount of space consumed by the audit logs while enabled.  Also should I have other concerns with enabling auditing?  From past experience enabling auditing for prolonged periods has had a detrimental effect on the system.  Once enabled, we will be leaving the logging enabled 24x7x365.
0
Comment
Question by:Linktheman2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 13

Accepted Solution

by:
imkottees earned 501 total points
ID: 38760149
Hi,

If you are with Exchange 2010 RTM you have to specify the mailbox for audit logging.
In Exchange 2010 SP1, the audit mailbox is a hidden, dedicated arbitration mailbox that cannot be changed. You can use the Exchange Control Panel (ECP) Auditing Reports page, Search-AdminAuditLog, or New-AdminAuditLogSearch to view audit logs.

http://www.mikepfeiffer.net/2010/02/using-administrator-audit-logging-in-exchange-2010/
0
 
LVL 44

Assisted Solution

by:Amit
Amit earned 501 total points
ID: 38760685
I guess you are not planning to set it permanently. For temp use, i don't think it will impact.
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 498 total points
ID: 38762239
In exchange 2010 mailbox auditing is stored inside the mailboxes

I have done extensive research on this subject since I had to enable mailbox auditing on a large number of mailboxes recently at a client.

My findings (after opening a case with Microsoft and a lot of emails since it is not documented anywhere) it really goes down to the number of mailboxes to audit and the auditing level

If you are auditing only administrator access then you can ignore the impact since it won't be much anyway. However if, like me, you are planning to audit owners access on a large number of mailboxes i was recommended to add up 5% to 7% to the IOPS number given by the mailbox calculator
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:Linktheman2003
ID: 38767879
I am permenantly enabling audting on the Exchange 2010 SP2 rollup 5 server.  It is a single exchange server with about 100 mailboxes.  We are auditing all mailboxes and all users for hard and soft deletes.  My boss has 2 concerns.  The first is what is the total impact on the server from a perfomance stand point (CPU usage, memory consumption, hard drive IHOPS...) and Total Hard drive space consumed yearly.  Or exchange serve ris virualized on a Windows 2008 R2 host so we can get up to Quad core processing currently which we have already enabled and there is little CPU usage except on the McAfee Security for Microsoft Exchange software we run on it.  It has 32GB of RAM setup, but it consumes anywhere from 16-26 GB depending upon load.  In 10 years we have consumed about 231GB, where we saw 20GB in the last year alone to get an idea of how much data we are talking about.  I don't know actual IHOPS yet.  Our concern is to make sure we can tell if a user deletes files and if so who did it.

My other question which has arisen since this post is how do I change the tombstone life of deleted items.  I need to change from the default of 14 days, to a longer period of 35 days so that all items will be caught by our monthly backups offsite if we ever have to go back and retreive them.
0
 
LVL 44

Expert Comment

by:Amit
ID: 38767887
I suggest enable it and monitor it. As performance can differ server to server. Depends how you configured and using a server, so there is no set answer for this query.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 38769600
In your case I don't think you will have any issues at all since the number of users is very small compared to the sizing of your server. Your sever can easily handled 3 times the amount on current users and the extra load of auditing will not be 3x more So i can tell you you will be fine

what raid configuration is your database staying on ? is it on a san storage or local disk? are the disks sata/scsi ??

for the retention period it is easy just go to Org Config -> Mailbox -> DB managemnet -> right click properties on the DB -> limits and change it "keep deleted mailboxes for day(s)
0
 

Author Closing Comment

by:Linktheman2003
ID: 38982735
No hard core proof, but very little impact.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month11 days, 20 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question