RuleEngine Configuration simplifies the entire process of extracting the required information from the event logs. It is a rule engine that defines "Actions" for each category of reports, parses the event log and pulls out the required information based on the input rules configured. These actions are a collection of one or more "Rule Groups" that define a set of filtering rules for extracting the data from the logs. Once the filtering rules are satisfied as configured in the action, the required data is successfully extracted from the logs in a much more convenient way than the conventional way of reading form the logs. The "Rule Groups" can be configured to either satisfy all or any of the filtering rules. An action can be associated with multiple "Rule Groups" as well.
The various categories with the pre-configured actions include the following:
Mailbox Logon Category
Mailbox Permission Change Category
Mailbox Properties Change Category
Organization Change Category
Mailbox Logon Category
The preconfigured actions for Mailbox Logon Category include the following:
|
Action |
Description |
|
Self-Logon Events |
This action extracts the mailbox self-logon data from the logs based on the rules configured. |
|
Non-Owner Logon Events |
This action is configured to get data on non-owner users who gained access to the other user mailboxes. |
To configure a new Mailbox Logon Action,
Click on "New Mailbox Logon Action".
Give the action a name and a description.
Enter a Rule group name.
A rule group is a collection of filter rules. Specify the filter rules. The filter rules can be created with the help of the variables listed. These variables differ based on the category. The group of filter rules is combined based on the logical operators: "AND" and "OR".
You can also add more than one rule group for an action using the "Add Rule Group" option.
Save the configured action.
Mailbox Permission Change Category
The actions under Mailbox Permission Change Category include the following:
|
Action |
Description |
|
Mailbox Permission Modified 2003 |
This action can be configured for getting data on users who changed the mailbox permissions in Windows Server 2003 environment. |
|
Mailbox Permission Modified 2008 |
This action can be configured for getting data on users who changed the mailbox permissions in Windows Server 2008 environment. |
To configure a new Mailbox Permission Change action, the same set of steps as mentioned in Mailbox Logon Action creation can be followed.
Mailbox Properties Change Category
The actions under Mailbox Properties Change category that are pre-configured include the following:
|
Action |
Description |
|
Mailbox Quota Modified 2003 |
This action gets data on users who changed the mailbox quota limits in Windows Server 2003 environment. |
|
Mailbox Quota Modified 2008 |
This action gets data on users who changed the mailbox quota limits in Windows Server 2008 environment. |
To configure a new Mailbox Properties Change action, the same set of steps as mentioned in Mailbox Logon Action creation can be followed.
Organization Change Category
The actions configured under this category include the following:
|
Action |
Description |
|
Mailbox Store Mounted |
An action to extract data about all the mailbox stores that were mounted with the timestamp details. |
|
Mailbox Store Dismounted |
An action to extract data about all the mailbox stores that were dismounted with the timestamp details. |
|
Public Store Mounted |
An action to extract data about all the public stores that were mounted with the timestamp details. |
|
Public Store Dismounted |
An action to extract data about all the public stores that were dismounted with the timestamp details. |
To configure a new Organization Change action, the same set of steps as mentioned in Mailbox Logon Action creation can be followed.