ashks2014
Level 5
9 years ago
Solved

Audit journal searches

Is it possible to audit search queries if we give users access to the journal stores? So we can see who searched for what via Outlook or the Web search interface?

We don't have auditing configured but we have an EV mail archiving server and a dedicated journaling EV server. Do we need to enable it for both or just the server that handles the EV Journaling tasks?

  • GertjanA
    9 years ago

    Hello,

    There is no documentation available. If you need backing on this statement, you might need to ask your legal/compliance department for assistance, as they should be aware of rules and regulations for your region. In addition, perhaps also the HR department. I do not believe either of these want users to access the journaled data, and be able to search for ANY item from ANYONE. For instance, would you like John Doe to search for all email from and to your CEO? Or perhaps from your manager? Including possible classified information sent by email?

    The whole idea of having a Journal archive (i.e. Journaled email) is to be able to deliver evidence in a case (be it officially legal, be it internal research) without having evidence tampered with. If you have not secured the Journal Archive well enough, there might be a risk that information is tampered with. If a user (as mentioned above) holds a grudge (if that is the word), and decides to collect all mail from the board of directors, and then forward those to a newspaper, how would your management then feel?

    I do appreciate the reluctance of your management. Perhaps you can ask your Veritas (sales) rep to come in and have a session on DA, and outline possible risks of not having that, and the risk of allowing users to search the Journal Archive.

7 Replies

  • Yes, if you enable the "Advanced search" auditing category, then EV will audit the following information about each search:

    • Audit ID
    • Status (success or failure)
    • Date
    • User
    • Archive being searched
    • Query text
    • Number of results
    • What range of results was viewed

    I have attached a spreadsheet with some example audit records for searches.

    Keep in mind that with EV Search, all hierarchical folder browsing activity will show up as a series of searches. That is, when a user browses to a folder and displays its contents, EV audits that as a search for that folder's VaultEntryId. The second record in the example spreadsheet represents such a search.

    You would need to enable the auditing category for each server that handles the search requests. Which server owns the archiving tasks is not relevant.

     

    --Chris
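
An added illustration of reviewing such audit records, in Python; it is not part of the post above and not Veritas code. The CSV layout, the archive name `Journal-01` and the `VaultEntryId:` query prefix used to recognise folder-browse records are assumptions made for this example, so adapt them to what your audit export actually contains.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names mirror the audit fields listed
# above; the CSV layout and the "VaultEntryId:" query form are assumptions.
SAMPLE_EXPORT = """audit_id,status,date,user,archive,query_text,results,viewed
1001,Success,2016-03-01 09:12,jdoe,Journal-01,from:ceo@example.com,214,1-50
1002,Success,2016-03-01 09:13,jdoe,Journal-01,VaultEntryId:CONSTRUCTED-FOLDER-ID,37,1-37
1003,Failure,2016-03-01 09:15,jdoe,Journal-01,to:board@example.com,0,
1004,Success,2016-03-01 10:02,asmith,Mailbox-asmith,subject:invoice,12,1-12
1005,Success,2016-03-02 08:40,asmith,Journal-01,from:hr@example.com,58,1-50
"""

JOURNAL_ARCHIVES = {"Journal-01"}  # hypothetical journal archive names to watch
BROWSE_PREFIX = "VaultEntryId:"    # assumed marker of a folder-browse record


def review_journal_searches(export_text, journal_archives=JOURNAL_ARCHIVES):
    """Summarise, per user, who searched the journal archives and for what."""
    summary = defaultdict(lambda: {"queries": [], "browses": 0})
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["archive"] not in journal_archives:
            continue  # ordinary mailbox archive, out of scope for this review
        entry = summary[row["user"]]
        if row["query_text"].startswith(BROWSE_PREFIX):
            # Folder display audited as a search: count it, keep it out of
            # the list of typed queries so real searches stay readable.
            entry["browses"] += 1
        else:
            # Keep failed searches too; a denied attempt is still of interest.
            entry["queries"].append(
                (row["date"], row["status"], row["query_text"],
                 int(row["results"] or 0))
            )
    return dict(summary)


if __name__ == "__main__":
    for user, info in sorted(review_journal_searches(SAMPLE_EXPORT).items()):
        print(user, "folder browses:", info["browses"])
        for date, status, query, hits in info["queries"]:
            print("   ", date, status, query, "->", hits, "results")
```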


  • Hi,

    Why would you give your users access to the Journal Archive(s)?

    That is imho against normal practice, in regards to compliancy and possibly regulatory rules.

    • ashks2014
      Level 5

      Hi Gertjan,

      I have tried to raise this point with my management, who requested this, to no avail. Do you have any relevant links from Veritas or evidence that can help persuade them against this?

      They weren't prepared to pay for Discovery Accelerator :-(