Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 815
  • Last Modified:

How to enable Admin Auditing per eMail in Exchange 2010 SP3?

Hi experts,

In Exchange 2010 RTM you can enable Administrator Audit Logging and you can configure, that every log entry will be sent to an Audit Mailbox.
(see here: Administrator Audit Logging (Part 1)
http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html )

 This behavior changed with Exchange 2010 SP1. You can enable Audit logging, but not an eMail Adress where to send reports / Audit entrys.

How to enable this behavior in E2010 SP3 (Audit logs are sent to a Mailbox)?

Thank you for your help

John
0
JoHaMey
Asked:
JoHaMey
  • 2
  • 2
1 Solution
 
suriyaehnopCommented:
0
 
JoHaMeyAuthor Commented:
Hi suriyaehnop

Your Link describes the posibillity to SEARCH the LOGs and AFTER THAT send an report.
In the quoted artikle it is described as:
((There are three ways available for administrators to search these logs :
1.
Synchronously, by using theSearch-MailboxAuditLog cmdlet which searches one or more mailboxes and displays the results in the EMS window;
2.
Asynchronously, by using New-MailboxAuditLogSearchto search one or more mailboxes and send the results by e-mail to the specified recipients in a XML document;
3.
By using the Auditing tab in the ECP to run auditing reports or export entries from the mailbox audit log.))

But I want to setup that an email is send to an Audit Mailbox if there is an Event when an Admin is doing something wich I want to be logged (i.e. set "send as" permissions to a Mailbox)
This has been working in E2010RTM with this Shell cmdlet:
Set-AdminAuditLogConfig  -AdminAuditLogCmdlets *mailboxpermission,  
*ADPermission -AdminAuditLogMailbox auditor@company.com

But now with SP3 I dont have the "-AdminAuditLogMailbox " Property .
So how to enable this in E2010 SP3?

Thanks for your help
0
 
suriyaehnopCommented:
There is no more -AdminAuditLogMailbox started from SP1


When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. In the release to manufacturing (RTM) version of Microsoft Exchange Server 2010, log entries are stored in the audit log mailbox you specified and viewed using an e-mail client or Microsoft Office Outlook Web App. With Exchange 2010 Service Pack 1 (SP1), log entries are stored in a hidden mailbox and accessed using the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets.


http://technet.microsoft.com/EN-US/library/9d77294d-a501-4af6-8c3b-753235c741a7(EXCHG.141).aspx
0
 
JoHaMeyAuthor Commented:
Hi,
I know this Information, but perhaps anybody knows a solution how to send the entries "stored in the hidden mailbox " Forward to another Mailbox or use something else that I get an email if there is an Event when an Admin is doing something wich I want to be logged.
BTW, the XML files generated by the serarch are not very readable. But the mails send to the Audit Mailbox (before SP1) are very good readable. So how can I get this nice Feature back?

Thanx for your help
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now