Enterprise Vault™ Auditing
- About this guide
- Introducing Enterprise Vault auditing
- Setting up auditing
- Viewing the audit database entries
- Viewing the audit database entries using Audit Viewer
- Viewing the audit database entries using SQL queries
- Auditing for data protection compliance
- Appendix A. Format of audit database entries
About Enterprise Vault auditing
Enterprise Vault includes flexible auditing that you can enable for individual Enterprise Vault servers. The auditing data is written to a SQL Server database - you can have a single audit database for all Enterprise Vault servers in a site.
Enterprise Vault auditing records the following:
The time an event occurred
The account that initiated the activity
The archive in which an item was archived
The category of the event, such as View, Archive, or Delete
You can enable auditing for a number of different types of event, showing for example, details of the following:
Actions taken using the Administration Console
Viewing an item
For most types of event you can specify detail levels of Summary or Details, or both:
Summary gives information about the event, such as the date and time, account used, vault used.
Details lists more information, such as extracts from the content of a message, for example Subject, Mailbox Owner, and Folder.
You can view the audit database entries using SQL queries, or use the Audit Viewer utility.
Enterprise Vault provides PowerShell cmdlets for managing Enterprise Vault SQL databases. See the PowerShell cmdlets guide for more information.
Note that there will be a slight reduction in performance when you enable auditing.
Auditing is disabled by default.