Enterprise Vault™ Auditing

Last Published:
Product(s): Enterprise Vault (12.3)

About Enterprise Vault auditing

Enterprise Vault includes flexible auditing that you can enable for individual Enterprise Vault servers. The auditing data is written to a SQL Server database - you can have a single audit database for all Enterprise Vault servers in a site.

Enterprise Vault auditing records the following:

  • The time an event occurred

  • The account that initiated the activity

  • The archive in which an item was archived

  • The category of the event, such as View, Archive, or Delete

You can enable auditing for a number of different types of event, showing for example, details of the following:

  • Actions taken using the Administration Console

  • Searches

  • Viewing an item

  • Deletions

For most types of event you can specify detail levels of Summary or Details, or both:

  • Summary gives information about the event, such as the date and time, account used, vault used.

  • Details lists more information, such as extracts from the content of a message, for example Subject, Mailbox Owner, and Folder.

You can view the audit database entries using SQL queries, or use the Audit Viewer utility.

Enterprise Vault provides PowerShell cmdlets for managing Enterprise Vault SQL databases. See the PowerShell cmdlets guide for more information.

Note that there will be a slight reduction in performance when you enable auditing.

Auditing is disabled by default.