SMTP Virtual Server Audit Records are not directed to a separate partition.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18710	EMG2-825 Exch2K3	SV-20360r1_rule	ECSC-1	Medium

Description
Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. This setting controls the location of the SMTP Virtual Server log file. By default, these files will be stored in \WINNT\SYSTEM32\LOGFILES\SMPTVSx (where x is a number used to distinguish between virtual servers in this organization). The drop-down menu is used to select the format of the log file. The properties button next to this dropdown displays configuration information specific to the type of log format selected, but usually has some control to indicate the log rotation schedule (that is, how often the old log file should be closed and a new log file should be started). It is required that all log files be written to separate partitions from those used by the Exchange Stores and separate also from the Operating System. Exchange will dismount its stores if it detects that it has run out of disk space, resulting in a complete loss of Exchange services. To minimize the chance of this happening, log files should write to a separate partition so that if the logs fill this partition it will not result in the failure of Exchange.

Description

Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. This setting controls the location of the SMTP Virtual Server log file. By default, these files will be stored in \WINNT\SYSTEM32\LOGFILES\SMPTVSx (where x is a number used to distinguish between virtual servers in this organization). The drop-down menu is used to select the format of the log file. The properties button next to this dropdown displays configuration information specific to the type of log format selected, but usually has some control to indicate the log rotation schedule (that is, how often the old log file should be closed and a new log file should be started). It is required that all log files be written to separate partitions from those used by the Exchange Stores and separate also from the Operating System. Exchange will dismount its stores if it detects that it has run out of disk space, resulting in a complete loss of Exchange services. To minimize the chance of this happening, log files should write to a separate partition so that if the logs fill this partition it will not result in the failure of Exchange.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22428r1_chk )
Interview the E-mail Administrator (EMA) or the System Administrator. Ascertain the partition identifier for the operating system and the Mailbox data partitions. Review the log file configuration. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group}>> Servers >> [server] >> SMTP >> [specific SMTP server] >> Properties >> General tab >> Properties button The “Enable Logging” checkbox in the log file directory box should be selected. The log file path should NOT be the default path (\WINNT\SYSTEM32\LOGFILES\SMPTSVCx (where x is a number used to distinguish between virtual servers in this organization) or on the Mailbox Data partition. Criteria: If SMTP Virtual Servers log is written to a partition that is NOT \WINNT\SYSTEM32\LOGFILES\SMPTSVCx, and also NOT the Mailbox Data partition, this is not a finding.

Check Text ( C-22428r1_chk )

Interview the E-mail Administrator (EMA) or the System Administrator. Ascertain the partition identifier for the operating system and the Mailbox data partitions. Review the log file configuration.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group}>> Servers >> [server] >> SMTP >> [specific SMTP server] >> Properties >> General tab >> Properties button

The “Enable Logging” checkbox in the log file directory box should be selected.

The log file path should NOT be the default path (\WINNT\SYSTEM32\LOGFILES\SMPTSVCx (where x is a number used to distinguish between virtual servers in this organization) or on the Mailbox Data partition.

Criteria: If SMTP Virtual Servers log is written to a partition that is NOT \WINNT\SYSTEM32\LOGFILES\SMPTSVCx, and also NOT the Mailbox Data partition, this is not a finding.

Fix Text (F-19356r1_fix)
Configure SMTP Virtual Server log location. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group}>> Servers >> [server] >> SMTP >> [specific SMTP server] >> Properties >> General tab >> Properties button Select the “Enable Logging” checkbox. Enter the log file location. Ensure that the log file path is other than the operating system partition, and other than the Exchange 2003 Mailbox data partition.

Fix Text (F-19356r1_fix)

Configure SMTP Virtual Server log location.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group}>> Servers >> [server] >> SMTP >> [specific SMTP server] >> Properties >> General tab >> Properties button

Select the “Enable Logging” checkbox.

Enter the log file location. Ensure that the log file path is other than the operating system partition, and other than the Exchange 2003 Mailbox data partition.