02-28-2013 05:36 PM
Hi,
As part of the Environment Security Initiative by the security team, is there any way to audit who has been doing what on the EV server?
This is to know if someone who got access to the Vault has been doing sensitive data snooping / searching.
Especially from the http://EV-Server-VM/EnterpriseVault/search.asp page.
02-28-2013 06:21 PM
Do you have Auditing enabled?
Article: HOWTO56897 | Created: 2011-08-01 | Updated: 2013-01-18 | Article URL: http://www.symantec.com/docs/HOWTO56897
Particularly Advanced Search:
Advanced Search
Records details of searches performed using Outlook or the Web Access application, including the terms used and the number of items found.
02-28-2013 08:24 PM
Well, at the site level it seems that the audit is off.
What is the implication if it is ON?
02-28-2013 11:30 PM
If it's on then you can enable at the server level various auditing options.
You can also 'mine' the IIS logs.
03-01-2013 06:07 AM
If you turn Auditing on it will create a SQL database. You will then enable the categories you wish to audit. Just be sure to keep an eye on the Audit db size and trim it every once in a while.
This will allow you to capture the information you are looking for in one place and not have to go through IIS logs.
03-04-2013 03:40 PM
Many thanks for the advice Tony, so in this case the audit isn't turned on by default.
Plus, by logging on to the EV server as the EV service account, anyone can browse through anyone's email.
03-04-2013 06:02 PM
The EV service account does not have access by default. Someone would have to grant permission for themselves on an archive to be able to search it.
03-05-2013 02:24 PM
Tony, yes you are right, many thanks for the advice.
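
The IIS-log approach mentioned in the thread, as an added example (not part of any post and not Symantec tooling): a Python script that reads IIS W3C extended log lines and summarizes, per authenticated user, requests to the search page named in the question. The field list, account names and log lines are constructed assumptions, and the site's logging must include `cs-username` for this to attribute requests.

```python
SEARCH_PAGE = "/enterprisevault/search.asp"  # path from the question, lower-cased

# Constructed sample in IIS W3C extended format (not real log data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2013-02-27 09:14:02 GET /EnterpriseVault/search.asp - EXAMPLE\\alice 10.0.0.21 200
2013-02-27 09:15:40 POST /EnterpriseVault/search.asp - EXAMPLE\\alice 10.0.0.21 200
2013-02-27 22:03:11 GET /EnterpriseVault/Search.asp vault=1 EXAMPLE\\svc_ev 10.0.0.5 200
2013-02-27 22:04:00 GET /EnterpriseVault/search.asp - - 10.0.0.77 401
2013-02-28 08:00:00 GET /EnterpriseVault/images/logo.gif - EXAMPLE\\bob 10.0.0.30 200
"""


def search_page_hits(lines):
    """Return {username: {count, ips, first, last}} for requests to the search page."""
    fields, hits = [], {}
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the field list can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() != SEARCH_PAGE:
            continue
        user = row.get("cs-username", "-").lower()  # "-" means unauthenticated
        stamp = f'{row.get("date", "")} {row.get("time", "")}'
        entry = hits.setdefault(
            user, {"count": 0, "ips": set(), "first": stamp, "last": stamp})
        entry["count"] += 1
        entry["ips"].add(row.get("c-ip", "-"))
        entry["first"] = min(entry["first"], stamp)
        entry["last"] = max(entry["last"], stamp)
    return hits


if __name__ == "__main__":
    for user, e in sorted(search_page_hits(SAMPLE_LOG.splitlines()).items()):
        print(user, e["count"], sorted(e["ips"]), e["first"], e["last"])
```

This shows who requested the page and when; the search terms and number of items found are what the Advanced Search audit category quoted above records.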