Technique for Monitoring Mailbox Audit Logging in Exchange Server 2010

Nowadays many business professionals want to track that who is accessing their mailbox in an organization to have details, who is performing certain actions on their mailbox items. To perform such monitoring of data, Exchange Server 2010 (SP1 or later) offers a feature known as Mailbox Audit Logging. This feature provides the monitoring mailbox audit logging in Exchange Server 2010. However, this functionality is not turned on by default. These are enable by the Exchange administrator for those mailboxes that are measured sensitive or can be accessed anywhere. In the following section, we will discuss the way to of enabling Mailbox Audit.

Approach to Enable Mailbox Audit

Firstly, user needs to check that the audit is enabled or not. For this user needs to run Get-Mailbox command. The user will get the following output after running this command:
  1. Not enabled Mailbox Auditing for this mailbox
  2. 90 days is the log age limit
  3. Actions are logged for admins, owner and delegates themselves
NOTE: The owner of the mailbox is not logged by default, as their access will generate many audit log entries. For the basic actions, Delegates are logged and for additional administrative actions, Administrators are logged.

Solution 1

There are different ways with which user can look for auditing log entries of mailbox. Firstly, it can be searched by searching a single mailbox by utilizing Exchange Management Shell.

  1. Open Exchange Management Shell on your system.
  2. Use Set-Mailbox command to enable a mailbox for audit logging.
  3. User can use the search-mailboxauditlog command to search the mailbox for audit logs.
Now after running that command user can see the information that is partially useful for the users. It displays all the details that who accessed something and at which time.
Limitation: This method represents many data in unreadable form because of which users are unable to get the proper results.

Solution 2

User can utilize the Exchange Control Panel in Exchange 2010 to search the mailbox audit logs. This method helps to overcome the drawbacks faced by users in first solution. User needs to follow the following steps:

  • Open MS Exchange Server on your system
  • Select mail option >> Manage my Organization
  • Click on Auditing option >> Check the option ”Run a non-owner mailbox access report
  • Now choose the specific date.
  • Now all the results will be displayed.

Conclusion

In the above discussion, two different solutions are discussed for monitoring mailbox audit logging in Exchange Server 2010. As the first solution has some limitations, so according to expertise user can utilize the second solution. It allows user to audit the desired data in a readable form.

 

Tej Pratap

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: