Solved

How to enable Admin Auditing per eMail in Exchange 2010  SP3?

Posted on 2013-07-01
4
745 Views
Last Modified: 2013-09-18
Hi experts,

In Exchange 2010 RTM you can enable Administrator Audit Logging and you can configure, that every log entry will be sent to an Audit Mailbox.
(see here: Administrator Audit Logging (Part 1)
http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html )

 This behavior changed with Exchange 2010 SP1. You can enable Audit logging, but not an eMail Adress where to send reports / Audit entrys.

How to enable this behavior in E2010 SP3 (Audit logs are sent to a Mailbox)?

Thank you for your help

John
0
Comment
Question by:JoHaMey
  • 2
  • 2
4 Comments
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 39290454
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290795
Hi suriyaehnop

Your Link describes the posibillity to SEARCH the LOGs and AFTER THAT send an report.
In the quoted artikle it is described as:
((There are three ways available for administrators to search these logs :
1.
Synchronously, by using theSearch-MailboxAuditLog cmdlet which searches one or more mailboxes and displays the results in the EMS window;
2.
Asynchronously, by using New-MailboxAuditLogSearchto search one or more mailboxes and send the results by e-mail to the specified recipients in a XML document;
3.
By using the Auditing tab in the ECP to run auditing reports or export entries from the mailbox audit log.))

But I want to setup that an email is send to an Audit Mailbox if there is an Event when an Admin is doing something wich I want to be logged (i.e. set "send as" permissions to a Mailbox)
This has been working in E2010RTM with this Shell cmdlet:
Set-AdminAuditLogConfig  -AdminAuditLogCmdlets *mailboxpermission,  
*ADPermission -AdminAuditLogMailbox auditor@company.com

But now with SP3 I dont have the "-AdminAuditLogMailbox " Property .
So how to enable this in E2010 SP3?

Thanks for your help
0
 
LVL 18

Accepted Solution

by:
suriyaehnop earned 500 total points
ID: 39290847
There is no more -AdminAuditLogMailbox started from SP1


When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. In the release to manufacturing (RTM) version of Microsoft Exchange Server 2010, log entries are stored in the audit log mailbox you specified and viewed using an e-mail client or Microsoft Office Outlook Web App. With Exchange 2010 Service Pack 1 (SP1), log entries are stored in a hidden mailbox and accessed using the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets.


http://technet.microsoft.com/EN-US/library/9d77294d-a501-4af6-8c3b-753235c741a7(EXCHG.141).aspx
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290908
Hi,
I know this Information, but perhaps anybody knows a solution how to send the entries "stored in the hidden mailbox " Forward to another Mailbox or use something else that I get an email if there is an Event when an Admin is doing something wich I want to be logged.
BTW, the XML files generated by the serarch are not very readable. But the mails send to the Audit Mailbox (before SP1) are very good readable. So how can I get this nice Feature back?

Thanx for your help
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now