• Register to access and contribute content

Should Email Archiving Read Exchange Database, Not Journaling Log?

Most email archiving products for Microsoft Exchange get their messages by reading the journal. Newcomer Mimosa Systems(http://www.mimosasystems.com/) correctly points out that that’s a pity, because:

  • The journal is just a place that lists all the incoming and outgoing emails. It loses a lot of context information. So, for example, with this approach, you lose information on the folder the message was in, or movements of a message from folder to folder
  • Journaling imposes a big systems overhead

Instead, Mimosa’s approach to recovery/archiving/storage management is to read the Exchange database directly, and continuously. Sounds like a sensible idea.

For information on Exchange journalling, see http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/journaling.mspx.

David Ferris

One Comment

  1. Posted June 1, 2005 at 10:17 PM | Permalink

    Yup – I agree its a pity – but Mimosa is not the only one’s reading both. AfterMail does both. (disclaimer: I work for AfterMail) We get new messages from the Journaling process, and we also back load from Exchange, including all folder, public folder etc info.

    In my experience (no longer speaking for AfterMail – not that I was anyway), Journaling doesn’t put a lot of load on a server…. in recient testing, the load was very very small.

    It’s interesting the the MS article you link to says “wow, MS does this in 2003 SP1″ – um, yes. And 2003 RTM. And 2000. And 5.5. And GroupWise (ok, not MS….)….

    Ta for the interesting posting :)

  2. Sam Grater
    Posted August 5, 2005 at 2:24 PM | Permalink

    …and Cryoserver has been doing all that and more for three years. I know because KPMG Forensic bought it for that very purpose in 2002.

    Nothing new to see here. Move along now.

  3. Posted November 30, 2005 at 1:23 PM | Permalink

    Actually I think Cryoserver does a lot more than this. Any ‘compliance’ system that relies on capturing its data purely from Exchange (journal/store whatever) fails the very first test of forensic compliance. Use KVS/Legato or something proper for archiving Exchange, but use something else at the gateway to keep a real record of traffic. Exchange ISN’T the place to collect email.

Post a comment

You must be logged in to post a comment. To comment, first join our community.