Hi everyone We are receiving more and more requests to provide information regarding who specifically, of a group of Send As users for a specific mailbox, has been sending emails from that Project\generic mailbox. I have informed them that this is not possible because the Diagnostic level for "Extended Send As" is not at the appropriate level when the events occur and therefore we cannot tell (Currently at LOWEST). If I were to raise the Diagnostic Level for this ONE service to say "High" or"Expert", what server issues could I expect? Has anyone done this before and left it permanently on? I appreciate this is called "diagnostic" for a reason but I cannot think of an alternative other than telling them that if it is that much of an issue, don;t request Send As. Any ideas? Tom

You should be ok. Your biggest issue is going to be retention and collection of that data. The logs are set to a finite size and will roll over. How quick they roll over depends on volume and size.Active Directory, 4th Edition - www.briandesmond.com/ad4/

Hello Millardus, Exchange Auditing event log may be a high traffic event log, depending on the server configuration, severity of logging enabled and user actions. Therefore, the recommended action is to have the Exchange Auditing event log be located on a dedicated hard disk drive that has sufficient space and that can support fast write operations. It can be changed from Event viewer –> Exchange Auditing logs –> Properties. Thanks, Dinesh.