Solved

How to enable Admin Auditing per eMail in Exchange 2010  SP3?

Posted on 2013-07-01
4
755 Views
Last Modified: 2013-09-18
Hi experts,

In Exchange 2010 RTM you can enable Administrator Audit Logging and you can configure, that every log entry will be sent to an Audit Mailbox.
(see here: Administrator Audit Logging (Part 1)
http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html )

 This behavior changed with Exchange 2010 SP1. You can enable Audit logging, but not an eMail Adress where to send reports / Audit entrys.

How to enable this behavior in E2010 SP3 (Audit logs are sent to a Mailbox)?

Thank you for your help

John
0
Comment
Question by:JoHaMey
  • 2
  • 2
4 Comments
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 39290454
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290795
Hi suriyaehnop

Your Link describes the posibillity to SEARCH the LOGs and AFTER THAT send an report.
In the quoted artikle it is described as:
((There are three ways available for administrators to search these logs :
1.
Synchronously, by using theSearch-MailboxAuditLog cmdlet which searches one or more mailboxes and displays the results in the EMS window;
2.
Asynchronously, by using New-MailboxAuditLogSearchto search one or more mailboxes and send the results by e-mail to the specified recipients in a XML document;
3.
By using the Auditing tab in the ECP to run auditing reports or export entries from the mailbox audit log.))

But I want to setup that an email is send to an Audit Mailbox if there is an Event when an Admin is doing something wich I want to be logged (i.e. set "send as" permissions to a Mailbox)
This has been working in E2010RTM with this Shell cmdlet:
Set-AdminAuditLogConfig  -AdminAuditLogCmdlets *mailboxpermission,  
*ADPermission -AdminAuditLogMailbox auditor@company.com

But now with SP3 I dont have the "-AdminAuditLogMailbox " Property .
So how to enable this in E2010 SP3?

Thanks for your help
0
 
LVL 18

Accepted Solution

by:
suriyaehnop earned 500 total points
ID: 39290847
There is no more -AdminAuditLogMailbox started from SP1


When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. In the release to manufacturing (RTM) version of Microsoft Exchange Server 2010, log entries are stored in the audit log mailbox you specified and viewed using an e-mail client or Microsoft Office Outlook Web App. With Exchange 2010 Service Pack 1 (SP1), log entries are stored in a hidden mailbox and accessed using the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets.


http://technet.microsoft.com/EN-US/library/9d77294d-a501-4af6-8c3b-753235c741a7(EXCHG.141).aspx
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290908
Hi,
I know this Information, but perhaps anybody knows a solution how to send the entries "stored in the hidden mailbox " Forward to another Mailbox or use something else that I get an email if there is an Event when an Admin is doing something wich I want to be logged.
BTW, the XML files generated by the serarch are not very readable. But the mails send to the Audit Mailbox (before SP1) are very good readable. So how can I get this nice Feature back?

Thanx for your help
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question