[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Exchange 2010 Audit log performance impact

Posted on 2013-01-09
7
Medium Priority
?
2,142 Views
Last Modified: 2013-12-06
We are now considering enabling audit logs in exchange environment to monitor hard and soft deletions of e-mail.  We have 2 main concerns.  The performance impact of the exchange system with the audit logs enabled on the exchange server and the amount of space consumed by the audit logs while enabled.  Also should I have other concerns with enabling auditing?  From past experience enabling auditing for prolonged periods has had a detrimental effect on the system.  Once enabled, we will be leaving the logging enabled 24x7x365.
0
Comment
Question by:Linktheman2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 13

Accepted Solution

by:
imkottees earned 501 total points
ID: 38760149
Hi,

If you are with Exchange 2010 RTM you have to specify the mailbox for audit logging.
In Exchange 2010 SP1, the audit mailbox is a hidden, dedicated arbitration mailbox that cannot be changed. You can use the Exchange Control Panel (ECP) Auditing Reports page, Search-AdminAuditLog, or New-AdminAuditLogSearch to view audit logs.

http://www.mikepfeiffer.net/2010/02/using-administrator-audit-logging-in-exchange-2010/
0
 
LVL 44

Assisted Solution

by:Amit
Amit earned 501 total points
ID: 38760685
I guess you are not planning to set it permanently. For temp use, i don't think it will impact.
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 498 total points
ID: 38762239
In exchange 2010 mailbox auditing is stored inside the mailboxes

I have done extensive research on this subject since I had to enable mailbox auditing on a large number of mailboxes recently at a client.

My findings (after opening a case with Microsoft and a lot of emails since it is not documented anywhere) it really goes down to the number of mailboxes to audit and the auditing level

If you are auditing only administrator access then you can ignore the impact since it won't be much anyway. However if, like me, you are planning to audit owners access on a large number of mailboxes i was recommended to add up 5% to 7% to the IOPS number given by the mailbox calculator
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 

Author Comment

by:Linktheman2003
ID: 38767879
I am permenantly enabling audting on the Exchange 2010 SP2 rollup 5 server.  It is a single exchange server with about 100 mailboxes.  We are auditing all mailboxes and all users for hard and soft deletes.  My boss has 2 concerns.  The first is what is the total impact on the server from a perfomance stand point (CPU usage, memory consumption, hard drive IHOPS...) and Total Hard drive space consumed yearly.  Or exchange serve ris virualized on a Windows 2008 R2 host so we can get up to Quad core processing currently which we have already enabled and there is little CPU usage except on the McAfee Security for Microsoft Exchange software we run on it.  It has 32GB of RAM setup, but it consumes anywhere from 16-26 GB depending upon load.  In 10 years we have consumed about 231GB, where we saw 20GB in the last year alone to get an idea of how much data we are talking about.  I don't know actual IHOPS yet.  Our concern is to make sure we can tell if a user deletes files and if so who did it.

My other question which has arisen since this post is how do I change the tombstone life of deleted items.  I need to change from the default of 14 days, to a longer period of 35 days so that all items will be caught by our monthly backups offsite if we ever have to go back and retreive them.
0
 
LVL 44

Expert Comment

by:Amit
ID: 38767887
I suggest enable it and monitor it. As performance can differ server to server. Depends how you configured and using a server, so there is no set answer for this query.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 38769600
In your case I don't think you will have any issues at all since the number of users is very small compared to the sizing of your server. Your sever can easily handled 3 times the amount on current users and the extra load of auditing will not be 3x more So i can tell you you will be fine

what raid configuration is your database staying on ? is it on a san storage or local disk? are the disks sata/scsi ??

for the retention period it is easy just go to Org Config -> Mailbox -> DB managemnet -> right click properties on the DB -> limits and change it "keep deleted mailboxes for day(s)
0
 

Author Closing Comment

by:Linktheman2003
ID: 38982735
No hard core proof, but very little impact.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question