Tilted Forum Project Discussion Community - View Single Post

vanblah · 11-14-2005, 08:27 PM

OK. Before I start let me tell you that it's not MY idea to be running Exchange. That edict was handed down to me by the powers-that-be.

I'm currently in the middle of a 14 hour day ... yep, I'm facing another possible 14 hours before i can go home ... I've been on the phone with Microsoft for about 3 hours now. They're looking into it.

Basically, at around 5:30PM, all the trans. logs for Exchange just disappeared. For every database. Here's the kicker ... we DON'T have file level antivirus running on that server (we do use a product designed specifically for Exchange by Symantec); there was no power outage; there is no hard drive failure. Just ***POOF*** the log files are all gone. Anyone ever seen that?

Here's where it gets worrisome. The Event logs were all cleared at around 5:30 as well as the W3SVC log files. It's as if someone or something erased them ... scary. We have no idea what happened before that time.

My only recourse is to restore from yesterday's backup (today's hasn't run yet). We'll lose all of today's email.

Of course, we could repair and defrag the db's but that would take about another 20 or so hours (70GB of dbs).

So my questions are: ... has anyone ever witnessed Exchange log files just vanish AND what are your thoughts on the possibility that we were compromised? We don't have a wide open firewall ... but port 80 is open of course ... on the Exchange server. I'd love to run a FE/BE set up (or no Exchange at all) but we don't have the money for that.

On the bright side: I get to stay home tomorrow ... and sleep.

Doug

11-14-2005, 08:27 PM	#1 (permalink)
vanblah Junkie	Exchange Server crashed big time OK. Before I start let me tell you that it's not MY idea to be running Exchange. That edict was handed down to me by the powers-that-be. I'm currently in the middle of a 14 hour day ... yep, I'm facing another possible 14 hours before i can go home ... I've been on the phone with Microsoft for about 3 hours now. They're looking into it. Basically, at around 5:30PM, all the trans. logs for Exchange just disappeared. For every database. Here's the kicker ... we DON'T have file level antivirus running on that server (we do use a product designed specifically for Exchange by Symantec); there was no power outage; there is no hard drive failure. Just *POOF* the log files are all gone. Anyone ever seen that? Here's where it gets worrisome. The Event logs were all cleared at around 5:30 as well as the W3SVC log files. It's as if someone or something erased them ... scary. We have no idea what happened before that time. My only recourse is to restore from yesterday's backup (today's hasn't run yet). We'll lose all of today's email. Of course, we could repair and defrag the db's but that would take about another 20 or so hours (70GB of dbs). So my questions are: ... has anyone ever witnessed Exchange log files just vanish AND what are your thoughts on the possibility that we were compromised? We don't have a wide open firewall ... but port 80 is open of course ... on the Exchange server. I'd love to run a FE/BE set up (or no Exchange at all) but we don't have the money for that. On the bright side: I get to stay home tomorrow ... and sleep. Doug