What is it you are trying to capture in the Audit? Exchange 2003 security logging is pitiful at best, not sure if 2007 is any better yet.