Managing Audit Settings and Audit Logs

Auditing in Exchange is performed in a very similar manner to the way that events are audited in Windows Server 2003. The first step in configuring auditing is to configure the appropriate auditing Group Policy within Active Directory. After this is done, you can configure auditing by editing an object's properties, navigating to the Security tab, and then clicking the Advanced button. From there, you can select the Auditing tab, as shown in Figure 9.3. To check the audit logs, you must look in the system log on the computer on which you are performing the auditing. If you need to ensure that an administrator of the Exchange server is performing his job task in a responsible manner, you can configure auditing on Exchange.

Figure 9.3. Configuring auditing on the mailbox store.

Logging can be used to track the commands that a virtual server receives from clients. To enable logging, right-click on a particular virtual server that you are interested in logging, and select Properties. On the General tab, ensure that the Enable Logging check box is selected, as shown in Figure 9.4. The different log formats are

• W3C Extended Log File Format

• NCSA Common Log File Format

• ODBC Logging

• Microsoft IIS Log File Format

These log files are written in text format and are stored in the %systemroot%\System32\logfiles directory.

The SMTP, Network News Transfer Protocol (NNTP), and HTTP virtual servers can be logged in this manner. HTTP virtual server logging must be configured via the IIS console rather than the Exchange System Manager.