Event ID: 1016 Source: MSExchangeISPrivate

Description
NT User EFFH\backupexec logged on to Administrator mailbox, and is not the primary Windows NT account on this mailbox.
Comments
 
This problem may occur if you use another user's mailbox in Outlook 2002. See ME812007 for more information about this issue.

Some antivirus software requires that you use an Exchange Service Admin account, so it can open and scan all mailboxes. This causes Event ID 1016 to be logged for each mailbox. See "JSI Tip 1789" for details.

As per Microsoft: "This event is logged even if you have been granted permission to access the mailbox, and even when you successfully access the mailbox. However, this event is not logged if a primary Windows NT account is not assigned to the user's mailbox". There are several Microsoft articles with information about this event: ME147362, ME173692, ME239081, ME244305, ME274317, ME280527 and ME301328.

This is a normal event and it will be logged in the Event Log regardless of the level that the diagnostics logging is set to on the Information Store. For example, backup software performing a backup at the mailbox level will cause Exchange to generate such events.
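
Because backup and antivirus service accounts generate this event for every mailbox, the useful signal is the remainder. The following is an added example, not part of the original page: it parses the description text in the form shown above and separates expected service-account access from events worth reviewing. The `EXPECTED_ACCOUNTS` allowlist, the `EFFH\jdoe` account and the `Jane Roe` mailbox are assumptions made up for illustration.

```python
import re
from collections import Counter

# Description text of Event ID 1016 in the form quoted on this page.
PATTERN = re.compile(
    r"^NT User (?P<account>.+?) logged on to (?P<mailbox>.+?) mailbox, "
    r"and is not the primary Windows NT account on this mailbox\.?$"
)

# Assumption: accounts this site expects to open every mailbox (backup, antivirus).
EXPECTED_ACCOUNTS = {r"EFFH\backupexec"}


def parse_1016(description):
    """Return (account, mailbox) from a 1016 description, or None if it does not match."""
    m = PATTERN.match(description.strip())
    return (m.group("account"), m.group("mailbox")) if m else None


def triage(descriptions, expected=EXPECTED_ACCOUNTS):
    """Split events into expected service-account noise and events to review."""
    expected = {a.lower() for a in expected}  # Windows account names are case-insensitive
    noise, review, unparsed = Counter(), Counter(), []
    for text in descriptions:
        parsed = parse_1016(text)
        if parsed is None:
            unparsed.append(text)  # keep unrecognised text visible instead of dropping it
            continue
        account, mailbox = parsed
        bucket = noise if account.lower() in expected else review
        bucket[(account, mailbox)] += 1
    return noise, review, unparsed


# Constructed sample input; only the backupexec/Administrator pair appears on the page.
TAIL = " mailbox, and is not the primary Windows NT account on this mailbox."
PAIRS = [(r"EFFH\backupexec", "Administrator"), (r"EFFH\backupexec", "Jane Roe"),
         (r"EFFH\jdoe", "Jane Roe"), (r"EFFH\jdoe", "Jane Roe")]
SAMPLE = [f"NT User {a} logged on to {m}{TAIL}" for a, m in PAIRS]
SAMPLE.append("Unrelated Information Store message (constructed)")

if __name__ == "__main__":
    noise, review, unparsed = triage(SAMPLE)
    print("suppressed:", sum(noise.values()), "unparsed:", len(unparsed))
    for (account, mailbox), count in review.most_common():
        print(f"review: {account} opened mailbox '{mailbox}' {count} time(s)")
```
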
