Solved

How to enable Admin Auditing per eMail in Exchange 2010  SP3?

Posted on 2013-07-01
4
782 Views
Last Modified: 2013-09-18
Hi experts,

In Exchange 2010 RTM you can enable Administrator Audit Logging and you can configure, that every log entry will be sent to an Audit Mailbox.
(see here: Administrator Audit Logging (Part 1)
http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html )

 This behavior changed with Exchange 2010 SP1. You can enable Audit logging, but not an eMail Adress where to send reports / Audit entrys.

How to enable this behavior in E2010 SP3 (Audit logs are sent to a Mailbox)?

Thank you for your help

John
0
Comment
Question by:JoHaMey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 19

Expert Comment

by:suriyaehnop
ID: 39290454
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290795
Hi suriyaehnop

Your Link describes the posibillity to SEARCH the LOGs and AFTER THAT send an report.
In the quoted artikle it is described as:
((There are three ways available for administrators to search these logs :
1.
Synchronously, by using theSearch-MailboxAuditLog cmdlet which searches one or more mailboxes and displays the results in the EMS window;
2.
Asynchronously, by using New-MailboxAuditLogSearchto search one or more mailboxes and send the results by e-mail to the specified recipients in a XML document;
3.
By using the Auditing tab in the ECP to run auditing reports or export entries from the mailbox audit log.))

But I want to setup that an email is send to an Audit Mailbox if there is an Event when an Admin is doing something wich I want to be logged (i.e. set "send as" permissions to a Mailbox)
This has been working in E2010RTM with this Shell cmdlet:
Set-AdminAuditLogConfig  -AdminAuditLogCmdlets *mailboxpermission,  
*ADPermission -AdminAuditLogMailbox auditor@company.com

But now with SP3 I dont have the "-AdminAuditLogMailbox " Property .
So how to enable this in E2010 SP3?

Thanks for your help
0
 
LVL 19

Accepted Solution

by:
suriyaehnop earned 500 total points
ID: 39290847
There is no more -AdminAuditLogMailbox started from SP1


When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. In the release to manufacturing (RTM) version of Microsoft Exchange Server 2010, log entries are stored in the audit log mailbox you specified and viewed using an e-mail client or Microsoft Office Outlook Web App. With Exchange 2010 Service Pack 1 (SP1), log entries are stored in a hidden mailbox and accessed using the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets.


http://technet.microsoft.com/EN-US/library/9d77294d-a501-4af6-8c3b-753235c741a7(EXCHG.141).aspx
0
 
LVL 1

Author Comment

by:JoHaMey
ID: 39290908
Hi,
I know this Information, but perhaps anybody knows a solution how to send the entries "stored in the hidden mailbox " Forward to another Mailbox or use something else that I get an email if there is an Event when an Admin is doing something wich I want to be logged.
BTW, the XML files generated by the serarch are not very readable. But the mails send to the Audit Mailbox (before SP1) are very good readable. So how can I get this nice Feature back?

Thanx for your help
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month9 days, 3 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question