Exchange Circular Logging must be disabled.

From MS Exchange 2013 Mailbox Server Security Technical Implementation Guide

Associated with: CCI-000133

SV-84575r1_rule Exchange Circular Logging must be disabled.

Vulnerability discussion

Logging provides a history of events performed and can also provide evidence of tampering or attack. Failure to create and preserve logs adds to the risk that suspicious events may go unnoticed and raises the potential that insufficient history will be available to investigate them. This setting controls how log files are written. If circular logging is enabled, there is one log file stored with a default size of 1024 KB. Once the size limit has been reached, additional log entries overwrite the oldest log entries. If circular logging is disabled, once a log file reaches the size limit, a new log file is created. Mailbox should not use circular logging. Logs should be written to a partition separate from the operating system, with log protection and backups being incorporated into the overall System Security plan.

Check content

Open the Exchange Management Shell and enter the following command: Get-MailboxDatabase | Select Name, Identity, CircularLoggingEnabled If the value of CircularLoggingEnabled is not set to False, this is a finding.

Fix text

Open the Exchange Management Shell and enter the following command: Set-MailboxDatabase -Identity <'IdentityName'> -CircularLoggingEnabled $false Note: The value must be in quotes.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.