• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 20 subscribers
  • Views 5010 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Searching for email subject in audit log

gh_359
over 6 years ago

In ChangeAuditor (for Exchange) ver 6.9.3, is there a way to locate an event based on the subject line of the email message?  For example, several people have access to a shared mailbox. Someone improperly moved a message. The manager would like to know who moved that specific message, sometime over a 2 week period. The problem is that there are thousands of "non-owner moved a message" events over that given timeframe. It would be much easier if I could look for events based on the message subject.

  • 0 over 6 years ago
    hi there, initial answer to leveraging Change Auditor to filter by subject line is not a possible function. Recovery Manager for Exchange is used for email discovery.

    I'm talking with a systems consultant to see if there's a better resolution in using Change Auditor. It sounds like you'd want to filter your search by the users that have access to this shared mailbox, if you haven't already and then try and filter to description. Have you tried this to narrow the results?
  • 0 over 6 years ago
    I have tried narrowing the search, but still have thousands of results. Filtering by description didn't return matching subject lines. I'll try to fiddle around with that some more, maybe my filtering context is wrong.

    How about querying SQL? Any notes on a way to construct a sql query to pull out the subject line? I assume the subject line is in the database since it appears in the search results.