Netwrix Auditor allows tracking non-owner mailbox access in your Exchange organization. Review the following procedures:
- To configure mailbox access tracking for Exchange 2010 manually
- To configure mailbox access tracking for Exchange 2013 and 2016 manually
NOTE: Perform the procedure below only if you do not want to enable network traffic compression option when setting up Exchange monitoring in Netwrix Auditor.
- On the computer where the monitored Exchange server is installed, navigate to Start → Programs → Exchange Management Shell.
Execute the following command:
Set-EventLogLevel "MSExchangeIS\9000 Private\Logons" –Level Low
- Navigate to Start → Run and type "services.msc". In the Services snap-in, locate the Microsoft Exchange Information Store service and restart it.
NOTE: Perform the procedures below only if you do not want to enable the automatic audit configuration option when setting up monitoring in Netwrix Auditor.
You can configure auditing for:
- All mailboxes (User, Shared, Linked, Equipment, and Room mailbox)
- Selected mailboxes
NOTE: If you are going to audit multiple Exchange servers, repeat these steps for each audited Exchange server.
NOTE: If you are going to audit multiple individual mailboxes, repeat these steps for each mailbox on each Exchange server.