How
to enable login of important exchange server changes.
Exchange
server audit settings:
Open
the Exchange Management Shell, and run the following cmdlets:
Set-AdminAuditLogConfig
–AdminAuditLogEnabled $true
Set-AdminAuditLogConfig
–AdminAuditLogCmdlets *
Set-AdminAuditLogConfig
–AdminAuditLogParameters *
Set-AdminAuditLogConfig –LogLevel Verbose (for
Exchange 2013)
Audit
Log View in Exchange 2010
Open
the Exchange Control Panel in your browser > navigate to “Roles &
Auditing” > Auditing (Tab) :
Run an administrator role group report
Export the Administrator
Audit Log
Specify the date range. Search for cmdlets
listed in “Common Cmdlets” box
Audit
Log View in Exchange 2013
Open the Exchange
Admin Center in your browser > Compliance Management > Auditing >
click “View the administrator audit log”
Specify the date range. Search for cmdlets
listed in “Common Cmdlets” box
MSExchange
Management Log
Run eventvwr.msc > Applications and
Services Logs > MSExchange Management > search for cmdlets listed in
“Common Cmdlets” box
Audit
Log Search via Exchange Management Shell
Open the Exchange
Management Shell
Run the following cmdlets in order to search
Admin audit log:
Search-AdminAuditLog
New-AdminAuditLogSearch
You can
specify search date by adding “–Parameters –StartDate MM/DD/YYYY – EndDate
MM/DD/YYYY”
You can also specify cmdlets and parameters.
Run “get-help Search- AdminAuditLog” for more information.
No comments:
Post a Comment