[logs] Exchange Logging

[Philip Webster]

Just wondering how people handle Exchange logs ...

For *nix boxen we use a combination of syslog and remote copy via SSH, 
and we can do the same for Windows but are not sure how effective it 
will be for Exchange.  The Exchange message tracking GUI seems to be the 
preferred way to handle things, but again we're not too sure of how 
effective it will be.

We store logs for 7 years which is quite simple to manage when they're 
all compressed text files on a central log server, but I imagine disk 
space will become an issue if we're storing that much data on live 
Exchange servers.

MOM isn't really an option for us at the moment (but may be in the future).

So do you centralise your logs?  Use message tracking?  Or ...?  Is 
there third-party (free/open?) software which you use for analysing the 
logs?

Happy to summarise responses for the list.

Thanks
Phil

-- 

Philip Webster, IT Security Engineer
Queensland University of Technology