Re: logging action

  • From: "Sarbjit Singh Gill" <ssgill@xxxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 25 Oct 2004 17:46:49 +0800

From the URL at MSDN
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01
/html/DiagnosticsLogging.asp)

---------------------------------------------------------------
Tracking Basic Events
Even if you don't enable Exchange Server diagnostics logging, you can view
certain security-related events and track changes to Exchange Server objects
in the DS. Exchange Server 5.5 can track logon-related events (when a user
accesses another user's mailbox) and permissions-related events (when
permissions to an object change).

Logon-related events. When a user initially opens a new Microsoft Outlook
session and connects to another user's mailbox, Exchange Server logs event
ID 1016. Event ID 1016's source is the Directory Store.

Event ID 1016 isn't always a cause for concern; users can have legitimate
permissions to another mailbox (e.g., administrative assistants often have
access to their managers' mailboxes). The event also flags many day-to-day
Exchange Server occurrences. Messaging API (MAPI) agents, the Microsoft
Mailbox Cleanup Agent, failed attempts to open mailboxes, and attempts to
view other users' calendar information all generate event ID 1016, for
example. However, if you see this event for a mailbox that no one else
should have access to, you might want to investigate.


----------------

Kind Regards
Gill


> -----Original Message-----
> From: MohammedAthif Khaleel [mailto:mohammed.athifkhaleel@xxxxxxxxx]
> Sent: Monday, October 25, 2004 5:37 PM
> To: [ExchangeList]
> Subject: [exchangelist] Re: logging action
>
> http://www.MSExchange.org/
>
> It should be logged in the Event Viewer on Exchange, check it out.
>
> Athif
>
>
> On Mon, 25 Oct 2004 16:22:57 +0700, NGUYEN HONG HA
> <hanh.evnit@xxxxxxxxxx> wrote:
> > http://www.MSExchange.org/
> >
> >
> >
> > I have an Exchange 5.5 on a Windows 2000 Server.
> >
> > My boss claims that others open their mailboxes.
> >
> > When someone open a mailbox, do you know how to log this
> action (who
> > open, time of open, ...) ?
> >
> > This is very urgent. Please help.
> >
> > Thank you very
> > much.------------------------------------------------------
> > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking:
> http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this MSEXchange.org
> Discussion List as:
> > Mohammed.AthifKhaleel@xxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Report abuse to listadmin@xxxxxxxxxxxxxx
>
>
> --
> -------------------------------------
> Mohammed.Athif Khaleel
> -------------------------------------
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org
> Discussion List as: ssgill@xxxxxxxxxxxxxxxxxxxx To
> unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx 

Other related posts: