TABLE OF CONTENTS Auditing Exchange usage is essential. If you are not currently auditing your Exchange system, you might not even realize you are having security problems. Still worse, you could discover that you have a security problem but not be able to track it down. Auditing will help you in these tasks. The auditing process breaks down into a couple of categories: Windows 2000/2003 event auditing and Exchange 2000/2003 diagnostics logging.
In this chapter we examine the followingstopics:
Windows 2000/2003 auditing
Auditing Changes to the Exchange Configuration
Exchange Diagnostics Logging
Microsoft Operations Manager and Exchange 2003
By the time you reach the end of this chapter, you will be aware of some of the options you have in regard to auditing your Windows 2000/2003 and Exchange 2000/2003 systems.
The Event Log Service takes care of all Windows 2000/2003 auditing. You probably know the Event Log Service pretty well, so we won t go into any details here describing it or show you how it works. Instead, let s look at a few tips on what you should audit in regard to Exchange 2000/2003.
The Event Log Service records all types of events on the system (server). The service consists of several different logs: the Application log, the Security log, the System log, the Directory Service log, the DNS Server log, and the File Replication log. Dealing with Exchange 2000/2003 auditing, the interesting log is the Security log, which audits everything specified in the Audit Policy...
