Exchange 2010 Administrator Audit Log – script

Till now we wrote two articles about Adminstrator Audit Log.

First described how to enable and configure Administrator Audit Log:

Exchange 2010 Administrator Audit Log – configuration

in second we explained how to search Administrator Audit Log:

Exchange 2010 Administrator Audit Log – search logs

 

Now we will describe how to automate search of Administrator Audit Log.

During Administrator Audit Log configuration we set, how long audit logs will be stored in a hidden arbitration mailbox.

The command you to configure how long the logs should be kept are presented below:

Set-AdminAuditLogConfig -AdminAuditLogAgeLimit 60.00:00:00

 

To specify a value of days, use the format dd.hh:mm:ss so in this example logs will be kept for 60 days.

Continue reading

Exchange 2010 Administrator Audit Log – search logs

We wrote how to enable Administrator Audit Log on Exchange 2010 in last post:

Exchange 2010 Administrator Audit Log – configuration

 

Now we want to explain how can we search logs or export them.

 

We can see logs and export them using:

  • ECP console
  • CMDlet Search-AdminAuditLog or New-AdminAuditLogSearch

 

Using ECP console to search and export logs:

Run ECP console and choose:

  1. In the drop-down list box next to Mail > Options, click My Organization from the Select what to manage list.
  2. Click Reporting, click Auditing, and then click Export Configuration Changes.
  3. Select a date range using the Start Date and End Date fields.
  4. Select the recipient who should receive the XML file using the Select users to email the audit log to field.
  5. Click Export.

Continue reading