We wrote how to enable Administrator Audit Log on Exchange 2010 in last post:
Now we want to explain how can we search logs or export them.
We can see logs and export them using:
- ECP console
- CMDlet Search-AdminAuditLog or New-AdminAuditLogSearch
Using ECP console to search and export logs:
Run ECP console and choose:
- In the drop-down list box next to Mail > Options, click My Organization from the Select what to manage list.
- Click Reporting, click Auditing, and then click Export Configuration Changes.
- Select a date range using the Start Date and End Date fields.
- Select the recipient who should receive the XML file using the Select users to email the audit log to field.
- Click Export.