Home > Others

Exchange2013 SP1 Mailbox Audit log enable and log export

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Exchange2013 SP1 Mailbox Audit log enable and log export

Whenever said audit, believe for everyone is a more sensitive topic, for the current era of internet prosperity, all the information is not so safe, of course, it is also convenient, it is said today is EXCHANGE2013SP1 under the mailbox audit, that mailbox audit what use? After we enable auditing for a mailbox, Microsoft Exchange records the information in the mailbox audit log whenever a non-owner user accesses the mailbox, and each log entry contains the following information---the user who accessed the mailbox and the time it was accessed, what the non-owner did, and whether the operation was performed successfully. By default, entries in the mailbox audit log are saved for 90 days, and you can use the Mailbox audit log to confirm that a non-mailbox user has access to a mailbox, and so on, when you export entries in the Mailbox audit log, Microsoft Exchange saves the entries in an XML file. Then attach it to the e-mail message sent to the specified recipient, not to mention, see the following:

Configure mailbox audit logging to first confirm that mailbox audit logging must be enabled for each mailbox that needs to run non-owner mailbox Access reports. If mailbox audit logging is not enabled for a mailbox, when you export the mailbox audit log, you will not get any results about that mailbox. Before you can perform this procedure, you must first obtain permissions. To view the permissions that you want, to enable mailbox audit logging for a single mailbox, run the command in the Management Shell:

We first view the current user through Get-mailbox

650) this.width=650; "title=" clip_image002 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image002" src= "http://s3.51cto.com/wyfs02/M02/6B/E8/wKiom1U5087ybjPTAAF1AykHH0M370.jpg" height= "329"/>

We use the following command to see which users have mailbox audit logs enabled

Get-mailbox | FL name,auditenabled

650) this.width=650; "title=" clip_image004 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image004" src= "http://s3.51cto.com/wyfs02/M00/6B/E9/wKiom1U509HArArdAAFSYoeLp5o617.jpg" height= "332"/>

We see that all users of the current organization do not have the mailbox audit log enabled, so we need to enable it with the following command, set-

Mailbox <Identity>-auditenabled $true

For example, I want to enable User01

Set-mailbox–identity user01-auditenabled $true

650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://s3.51cto.com/wyfs02/M01/6B/E5/wKioL1U51THCJp9bAAFJLuZhNsk392.jpg" height= "332"/>

When enabled, we view the mailbox audit log status for User01

Get-mailbox | FL name,auditenabled

The value of the auditenabled property is True audit logging enabled for validation.

650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image008" src= "http://s3.51cto.com/wyfs02/M02/6B/E9/wKiom1U509Gy6vndAAEiZHSYYQs156.jpg" height= "329"/>

To enable mailbox audit logging for all user mailboxes in your organization, run the following command:

$UserMailboxes = get-mailbox-filter {(recipienttypedetails-eq ' Usermailbox ')} $UserMailboxes | ForEach {Set-mailbox $_. Identity-auditenabled $true}

650) this.width=650; "title=" clip_image010 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image010" src= "http://s3.51cto.com/wyfs02/M00/6B/E9/wKiom1U509HhlhFaAAFv_29pnFg645.jpg" height= "286"/>

Execute again

650) this.width=650; "title=" clip_image012 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image012" src= "http://s3.51cto.com/wyfs02/M01/6B/E9/wKiom1U509GhiLDEAAGIl4ePzOI669.jpg" height= "/>"

Found modified

650) this.width=650; "title=" clip_image014 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image014" src= "http://s3.51cto.com/wyfs02/M02/6B/E9/wKiom1U509LCsKqvAAFPM1-w528966.jpg" height= "332"/>

Run the following command to verify that the XML attachment is allowed in Outlook Web App

Get-owamailboxpolicy | Select-object-expandproperty Allowedfiletypes

Please verify that .xml it is included in the list of allowed file types.

650) this.width=650; "title=" clip_image016 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image016" src= "http://s3.51cto.com/wyfs02/M00/6B/E9/wKiom1U509KyrUw4AACPVFD32hU770.jpg" height= "207"/>

We found no, so we're going to run the following name to add to the list of OWA run file types

Run the following command to add XML to the list of file types allowed in Outlook Web App.

Set-owamailboxpolicy-identity owamailboxpolicy-default-allowedfiletypes @{add= '. Xml '}

Run the following command to verify that the XML attachment has been removed from the list of blocked files in Outlook Web App.

Get-owamailboxpolicy | Select-object-expandproperty Blockedfiletypes

Verify .xml that it is not included in the list of blocked file types.

650) this.width=650; "title=" clip_image018 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image018" src= "http://s3.51cto.com/wyfs02/M01/6B/E9/wKiom1U509LRU1HSAADVm4tvGHA896.jpg" height= "" "/>

We found in the list of organizations, so we ran the following command to remove from the list

Set-owamailboxpolicy-identity owamailboxpolicy-default-blockedfiletypes @{remove= '. Xml '}

After the configuration is complete, we are next to the mailbox audit log everywhere.

Export Mailbox Audit Logs

1. In the Exchange Admin Center-compliance Management---auditing

Https://casaddress.domain.com/ecp

650) this.width=650; "title=" clip_image020 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image020" src= "http://s3.51cto.com/wyfs02/M02/6B/E9/wKiom1U509KCklCWAAEzq_6i1FA341.jpg" height= "384"/>

2. Click-Export the Mailbox audit log

650) this.width=650; "title=" clip_image022 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image022" src= "http://s3.51cto.com/wyfs02/M00/6B/E9/wKiom1U509Lw0SkJAAESKxC-53o687.jpg" height= "354"/>

3. Configure the search criteria export entries in the Mailbox audit log

Start and end dates

Mailbox to search the audit log for

Types of non-owner access

All not all users

External users

Administrators and proxy users

Administrator

650) this.width=650; "title=" clip_image024 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image024" src= "http://s3.51cto.com/wyfs02/M01/6B/E9/wKiom1U509KTwXtNAAEov-CVz8M816.jpg" height= "373"/>

After we fill in the requirements, click Export, then we select the exported user is User01, User02, and then send the results to Gavin

650) this.width=650; "title=" clip_image026 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image026" src= "http://s3.51cto.com/wyfs02/M02/6B/E9/wKiom1U509KT3HWTAAFo2V1E410009.jpg" height= "430"/>

Click Export, then we log in Gavin Mailbox to view information

650) this.width=650; "title=" clip_image028 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image028" src= "http://s3.51cto.com/wyfs02/M00/6B/E5/wKioL1U51TKzYTiaAAEtqRnKhiA832.jpg" height= "579"/>

We found no information, so we need to forge the relevant action and then export the audit log.

650) this.width=650; "title=" clip_image030 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image030" src= "http://s3.51cto.com/wyfs02/M01/6B/E5/wKioL1U51TLz2P15AAH-Ggzqkmg060.jpg" height= "435"/>

We use Outlook to download attachments for viewing

650) this.width=650; "title=" clip_image032 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image032" src= "http://s3.51cto.com/wyfs02/M02/6B/E5/wKioL1U51TOROgsRAAIHL7V3h5U916.jpg" height= "439"/>

We found in the Exchange Admin Center that there is one run per mailbox litigation hold reporting feature:

650) this.width=650; "title=" clip_image034 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image034 "src=" http://s3.51cto.com/wyfs02/M00/6B/E5/wKioL1U51TOAwa7kAAGELAFB7PE846.jpg "height=" 449 "/>

This article from "Gao Wenrong" blog, reproduced please contact the author!

Exchange2013 SP1 Mailbox Audit log enable and log export

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More