The email server Circular Logging must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
EXCH-MB-406	EXCH-MB-406	EXCH-MB-406_rule		Low

Description
Logging provides a history of events performed, and can also provide evidence of tampering or attack. Failure to create and preserve logs adds to the risk that suspicious events may go unnoticed, or the raise the potential that insufficient history will be available to investigate them. This setting controls how log files are written. If circular logging is enabled, there is one log file for this storage group with a maximum size of (for example, 5MB). Once the size limit has been reached, additional log entries begin overwriting the oldest log entries. If circular logging is disabled, once a log file reaches the size limit, a new log file is created. Back-End Servers should not use circular logging. Logs should be written to a partition separate from the operating system, with log protection and backups being incorporated into the overall System Security plan. Front-End Servers may opt to use circular logging, as message content is significantly less, and not of a critical nature.

Description

Logging provides a history of events performed, and can also provide evidence of tampering or attack. Failure to create and preserve logs adds to the risk that suspicious events may go unnoticed, or the raise the potential that insufficient history will be available to investigate them. This setting controls how log files are written. If circular logging is enabled, there is one log file for this storage group with a maximum size of (for example, 5MB). Once the size limit has been reached, additional log entries begin overwriting the oldest log entries. If circular logging is disabled, once a log file reaches the size limit, a new log file is created. Back-End Servers should not use circular logging. Logs should be written to a partition separate from the operating system, with log protection and backups being incorporated into the overall System Security plan. Front-End Servers may opt to use circular logging, as message content is significantly less, and not of a critical nature.

STIG	Date
Microsoft Exchange 2010 Mailbox Server Role	2012-05-31

Details

Check Text ( C-_chk )
Open the Exchange Management Shell and enter the following command. Get-MailboxDatabase -Server <'ServerUnderReview'>\| Select Name, Identity, CircularLoggingEnabled If the value of "CircularLoggingEnabled" is not set to "False", this is a finding.

Fix Text (F-_fix)
Open the Exchange Management Shell and enter the following command. Set-MailboxDatabase -Identity <'MailboxDatabase'> -CircularLoggingEnabled $false