Part 1: Installing LOGbinder for Exchange
Part 2: Configuring LOGbinder for Exchange
Part 4: Monitoring LOGbinder for Exchange
Part 5: Appendix
administrator can specify a mailbox audit policy, select groups and/or
organization units, and then the LOGbinder service will set mailbox audit
policy for the mailboxes in those groups and organizational units. The
LOGbinder service will regularly enforce this policy, in case new mailboxes
were added to the groups and organizational units—or if the policy had been
changed for a mailbox.
Using LOGbinder Control Panel to set mailbox audit policy
To set mailbox audit policy, open the Input properties window,
and click on the link “Mailbox Audit Policy.” (The same link is available in
the Options window.)
NOTE: If the link in
Options is disabled, it is because you have not yet created an Input pointing
to an Exchange installation. After creating an Input you can set mailbox audit
The main window (see Figure 1)
gives an overview of the existing mailbox audit policy that has been set in
LOGbinder. This will be empty if this is your first time setting audit policy.
From here, you can (1) specify the audit policy, (2) select organizational units that the policy should apply to, and
(3) select Exchange groups that the policy should
Figure 1: Mailbox Audit Policy settings
Clicking on the "Audit Policy" link will open the Mailbox Audit Policy. (See Figure 2.)
Select the actions under the appropriate columns: Administrator, Delegate, and
Owner. If you select None, all the other boxes will be unchecked and that type
of mailbox access will not be audited.
Click the link “Set default audit policy” to use Microsoft’s
default mailbox audit policy. You can continue to adjust the policy to suit the
needs of your organization.
A recommendation from
LOGbinder: Do not audit Owner access, leave it set to None. Auditing what a
user does in his own mailbox will create a huge number of audit events, events
that have very little value, and will choke your Exchange installation—as well
as the LOGbinder service.
Figure 2: Mailbox Audit Policy
When finished adjusting the audit policy, click on the Close button to return to the main Mailbox Audit Policy window.
Clicking on the "Adjust Organizational Units" link to specify organizational units. (See Figure 3.)
The list of all organizational units will be shown in the list. If you wish to
apply to policy to organizational units, select one or more items and press the
Add to Selected button.
Figure 3: Select Organizational Units
When finished selecting the organizational units, click on the Close button to return to the main Mailbox Audit Policy window.
Clicking on the "Adjust Groups" link will present the Select Groups window. (See Figure 4.)
You must first filter groups. Enter at least the first three characters of the
groups’ names—then press the Go button. The list of groups that match will
show in the list. Select one or more groups and press the Add to Selected
button. The Selected Groups list will contain the groups to which the policy
will be applied. You may repeat the filtering as many times as needed.
If you press the Go button with no text in the Filter
Groups box, then all groups will be listed. This is not recommended if you have
a large number of groups.
Figure 4: Select Groups
When finished selecting the groups, click on the Close button to return to the main Mailbox Audit Policy window.
When you press OK, LOGbinder will save the adjustments to your
mailbox audit policy.
Enforcing Mailbox audit policy
Every night, the LOGbinder service will enforce your mailbox
audit policy. It will find the mailboxes that are contained in the groups
and/or organizational units. If the mailbox’s audit policy does not match,
LOGbinder will change its policy. LOGbinder will report on the number of
mailboxes that have been adjusted.
Please note that you must set the “Audit Log” management role to use
this feature – See Check
User Accounts and Authority section in the "Installing LOGbinder for Exchange" article.
NOTE: For performance
considerations, it is recommended that you use as few groups and/or
organizational units as possible. The greater the number of groups and organizational
units, the longer it will take to inspect audit policy.
Optionally provide private feedback to help us improve this article...
Thank you for your feedback!