Auditing Send As access permanently
Hi everyone
We are receiving more and more requests to provide information regarding who specifically, of a group of Send As users for a specific mailbox, has been sending emails from that Project\generic mailbox.
I have informed them that this is not possible because the Diagnostic level for "Extended Send As" is not at the appropriate level when the events occur and therefore we cannot tell (Currently at LOWEST). If I were to raise the Diagnostic Level
for this ONE service to say "High" or"Expert", what server issues could I expect?
Has anyone done this before and left it permanently on? I appreciate this is called "diagnostic" for a reason but I cannot think of an alternative other than telling them that if it is that much of an issue, don;t request Send As.
Any ideas?
Tom
April 19th, 2010 6:57pm
You should be ok. Your biggest issue is going to be retention and collection of that data. The logs are set to a finite size and will roll over. How quick they roll over depends on volume and size.Active Directory, 4th Edition - www.briandesmond.com/ad4/
Free Windows Admin Tool Kit Click here and download it now
April 19th, 2010 11:36pm
Hello Millardus,
Exchange Auditing event log may be a high traffic event log, depending on the server configuration, severity of logging enabled and user actions. Therefore, the recommended action is to have the Exchange Auditing event log be located on a dedicated hard
disk drive that has sufficient space and that can support fast write operations. It can be changed from
Event viewer –> Exchange Auditing logs –> Properties.
Thanks,
Dinesh.
April 20th, 2010 3:59am