?
Solved

How to enable Admin Auditing per eMail in Exchange 2010  SP3?

Posted on 2013-07-01
4
Medium Priority
?
793 Views
Last Modified: 2013-09-18
Hi experts,

In Exchange 2010 RTM you can enable Administrator Audit Logging and you can configure, that every log entry will be sent to an Audit Mailbox.
(see here: Administrator Audit Logging (Part 1)
http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html )

 This behavior changed with Exchange 2010 SP1. You can enable Audit logging, but not an eMail Adress where to send reports / Audit entrys.

How to enable this behavior in E2010 SP3 (Audit logs are sent to a Mailbox)?

Thank you for your help

John
0
Comment
Question by:JoHaMey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 19

Expert Comment

by:suriyaehnop
ID: 39290454
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290795
Hi suriyaehnop

Your Link describes the posibillity to SEARCH the LOGs and AFTER THAT send an report.
In the quoted artikle it is described as:
((There are three ways available for administrators to search these logs :
1.
Synchronously, by using theSearch-MailboxAuditLog cmdlet which searches one or more mailboxes and displays the results in the EMS window;
2.
Asynchronously, by using New-MailboxAuditLogSearchto search one or more mailboxes and send the results by e-mail to the specified recipients in a XML document;
3.
By using the Auditing tab in the ECP to run auditing reports or export entries from the mailbox audit log.))

But I want to setup that an email is send to an Audit Mailbox if there is an Event when an Admin is doing something wich I want to be logged (i.e. set "send as" permissions to a Mailbox)
This has been working in E2010RTM with this Shell cmdlet:
Set-AdminAuditLogConfig  -AdminAuditLogCmdlets *mailboxpermission,  
*ADPermission -AdminAuditLogMailbox auditor@company.com

But now with SP3 I dont have the "-AdminAuditLogMailbox " Property .
So how to enable this in E2010 SP3?

Thanks for your help
0
 
LVL 19

Accepted Solution

by:
suriyaehnop earned 1500 total points
ID: 39290847
There is no more -AdminAuditLogMailbox started from SP1


When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. In the release to manufacturing (RTM) version of Microsoft Exchange Server 2010, log entries are stored in the audit log mailbox you specified and viewed using an e-mail client or Microsoft Office Outlook Web App. With Exchange 2010 Service Pack 1 (SP1), log entries are stored in a hidden mailbox and accessed using the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets.


http://technet.microsoft.com/EN-US/library/9d77294d-a501-4af6-8c3b-753235c741a7(EXCHG.141).aspx
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290908
Hi,
I know this Information, but perhaps anybody knows a solution how to send the entries "stored in the hidden mailbox " Forward to another Mailbox or use something else that I get an email if there is an Event when an Admin is doing something wich I want to be logged.
BTW, the XML files generated by the serarch are not very readable. But the mails send to the Audit Mailbox (before SP1) are very good readable. So how can I get this nice Feature back?

Thanx for your help
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question