Message Tracking Logging must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
EXCH-MB-408	EXCH-MB-408	EXCH-MB-408_rule		Medium

Description
A message tracking log provides a detailed log of all message activity as messages are transferred to and from a computer running Exchange. Message tracking is available on Hub Transport servers, Edge Transport servers, and Mailbox servers. By default, message tracking is enabled. If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Description

A message tracking log provides a detailed log of all message activity as messages are transferred to and from a computer running Exchange. Message tracking is available on Hub Transport servers, Edge Transport servers, and Mailbox servers. By default, message tracking is enabled. If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

STIG	Date
Microsoft Exchange 2010 Mailbox Server Role	2012-05-31

Details

Check Text ( C-_chk )
Open the Exchange Management Shell and enter the following command. Get-MailboxServer \| Select Name, Identity, MessageTrackingLogEnabled If the value of "MessageTrackingLogEnabled" is not set to "False", this is a finding.

Fix Text (F-_fix)
Open the Exchange Management Shell and enter the following command. Set-MailboxServer -Identity <'ServerName'> -MessageTrackingLogEnable "False"