EX16-MB-000070 - Exchange Circular Logging must be disabled.

Information

Logging provides a history of events performed and can also provide evidence of tampering or attack. Failure to create and preserve logs adds to the risk that suspicious events may go unnoticed and raises the potential that insufficient history will be available to investigate them.

This setting controls how log files are written. If circular logging is enabled, one log file is stored with a default size of 1024 KB. Once the size limit has been reached, additional log entries overwrite the oldest log entries. If circular logging is disabled, once a log file reaches the size limit, a new log file is created.

Mailbox should not use circular logging. Logs should be written to a partition separate from the operating system, with log protection and backups being incorporated into the overall System Security Plan.

Solution

Open the Exchange Management Shell and enter the following command:

Set-MailboxDatabase -Identity <'IdentityName'> -CircularLoggingEnabled $false

Note: The <IdentityName> value must be in single quotes.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2016_Y21M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CAT|III, CCI|CCI-000133, Rule-ID|SV-228360r612748_rule, STIG-ID|EX16-MB-000070, STIG-Legacy|SV-95345, STIG-Legacy|V-80635, Vuln-ID|V-228360

Plugin: Windows

Control ID: fd79b0aab8f64cececaf2e35a4e45a9ebcc133706c9fee33db4ce15ac3b30fdf