As the name implies, mailbox audit logging records information about mailbox access: who logs on to a mailbox and what actions they take, which matters most when a mailbox has been delegated to others. When enabling this feature, we can specify the logging level, that is, which user actions should be logged (for example creating, accessing or deleting a message). The logs display important details such as the host name and IP address used to access the mailbox. The logs also move with the mailbox when it is moved to another server, since they are stored in the Audits subfolder of the audited mailbox's Recoverable Items folder.
By default, audit log entries are retained in the mailbox for 90 days. We can change this interval with the AuditLogAgeLimit parameter of the Set-Mailbox cmdlet. The Set-Mailbox cmdlet is also used to enable or disable audit logging per mailbox.
Enabling the mailbox audit logging feature generates a large number of log entries, which consume a lot of disk space, so Microsoft recommends enabling it only to meet business or security requirements. By default, mailbox audit logging is disabled.
Note: we can't use the Exchange Management Console (EMC) or the Exchange Control Panel (ECP) to enable or disable this feature. It can only be done from the Exchange Management Shell.
Run the following command to enable mailbox audit logging for Mike Dahlen's mailbox:
Set-Mailbox -Identity "Mike Dahlen" -AuditEnabled $true
The following command disables mailbox audit logging for Mike Dahlen's mailbox:
Set-Mailbox -Identity "Mike Dahlen" -AuditEnabled $false
The following cmdlet creates a mailbox audit log search of mprask's mailbox and sends the results to the specified recipient, i.e. Sachin@learnmsexchange.com:
New-MailboxAuditLogSearch -Mailboxes mprask -LogonTypes Owner -ShowDetails -StartDate 4/12/2011 -EndDate 5/12/2011 -StatusMailRecipients sachin@learnmsexchange.com
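The logging levels and retention period described above can be set in one pass and then checked against the log itself. The script below is an added example, not from the original post. It assumes the Exchange Management Shell, a retention period of 180 days, a 30-day review window, and action lists chosen only for illustration.

```powershell
# Added example: run in the Exchange Management Shell.
$mailbox   = "Mike Dahlen"      # mailbox name used on this page
$retention = "180.00:00:00"     # assumed value: keep entries 180 days instead of the default 90

# Enable auditing, set the retention period, and choose which actions are
# logged for each logon type (delegate, administrator, owner).
Set-Mailbox -Identity $mailbox -AuditEnabled $true -AuditLogAgeLimit $retention `
    -AuditDelegate SendAs,SendOnBehalf,FolderBind,SoftDelete,HardDelete,MoveToDeletedItems `
    -AuditAdmin Copy,MessageBind,SendAs,HardDelete `
    -AuditOwner HardDelete

# Confirm that the settings were applied.
Get-Mailbox -Identity $mailbox |
    Format-List Name,AuditEnabled,AuditLogAgeLimit,AuditDelegate,AuditAdmin,AuditOwner

# Pull the last 30 days of non-owner access with full details.
$entries = Search-MailboxAuditLog -Identity $mailbox -LogonTypes Delegate,Admin `
    -ShowDetails -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -ResultSize 5000

# Summarize who did what, and from which client IP address, most frequent first.
# Each row also shows when that combination was last seen.
$entries |
    Group-Object LogonUserDisplayName, ClientIPAddress, Operation |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'LastSeen'
           Expression = { ($_.Group | Sort-Object LastAccessed | Select-Object -Last 1).LastAccessed } } |
    Format-Table -AutoSize
```

An unfamiliar user or client IP address in the summary is the starting point for a closer look at the individual entries in $entries.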