
Exchange Server 2010 : Performing Tracking and Logging Activities in an Organization (part 1) - Using Message Tracking

8/16/2011 3:56:24 PM
This section examines message tracking, protocol logging, and diagnostic logging. You use these features to monitor Exchange Server and to troubleshoot messaging problems.

1. Using Message Tracking

You use message tracking to monitor the flow of messages into and out of an organization and within it. With message tracking enabled, Exchange Server maintains daily log files, with a running history of all messages transferred within an organization. You use the logs to determine the status of a message, such as whether a message has been sent, has been received, or is waiting in the queue to be delivered. Because Exchange Server handles postings to public folders in much the same way as e-mail messages, you can also use message tracking to monitor public folder usage.


Tip:

Tracking logs can really save the day when you're trying to troubleshoot delivery and routing problems. The logs are also useful in fending off problem users who blame e-mail for their woes. Generally speaking, users can't claim they didn't receive e-mails if you can find the messages in the logs. That said, if you use third-party applications that integrate with Outlook, those applications could potentially delete messages before the user sees them.


1.1. Configuring Message Tracking

By default, all Hub Transport, Edge Transport and Mailbox servers perform message tracking. You can enable or disable message tracking on a per-server basis by setting the –MessageTrackingLogEnabled parameter of the Set-TransportServer cmdlet to $true or $false, as appropriate. The following example disables message tracking on MailServer16:

Set-TransportServer -Identity "MailServer16" -MessageTrackingLogEnabled $false


Tip:

You can configure basic message tracking options in the Exchange Management Console. Expand the Server Configuration node and then select the Hub Transport node. In the main pane, double-click the server you want to configure to display the related Properties dialog box. On the Log Settings tab, select or clear the Enable Message Tracking Log check box. If you enable message tracking, you can enter the desired directory path for logging as well or accept the default setting.


Each Transport and Mailbox server in your organization can have different message tracking settings that control

  • Where logs are stored

  • How logging is performed

  • The maximum log size and maximum log directory size

  • How long logs are retained

By default, message tracking logs are stored in the %ExchangeInstallPath%\TransportRoles\Logs\MessageTracking directory. Generally, message tracking does not have high enough input/output activity to warrant a dedicated disk. However, in some high usage situations, you might want to move the tracking logs to a separate disk. Before you do this, however, you should create the directory you want to use and set the following required permissions:

  • Full Control For Administrator

  • Full Control For Local System

  • Read, Write, And Delete Subfolders And Files For Network Service

After you've created the directory and set the required permissions, you can change the location of the tracking logs to any local directory by setting the –MessageTrackingLogPath parameter of the Set-TransportServer cmdlet to the desired local directory. The following example sets the message tracking directory as G:\Tracking on MailServer16:

Set-TransportServer -Identity "MailServer16" -MessageTrackingLogPath "G:\Tracking"


Note:

When you change the location of the message tracking directory, Exchange Server does not copy any existing tracking logs from the old directory to the new one. You must manually copy the old logs to the new location if you want all the logs to be in the same location.
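The whole relocation procedure (create the directory, grant the three permissions, repoint the server, copy the old logs) as one script. This is an added example, not code from the original text; it assumes it runs in the Exchange Management Shell on MailServer16 itself, and the Windows account names are assumptions for an English-language installation, with the built-in Administrators group standing in for "Administrator".

```powershell
$Server  = "MailServer16"   # server name used in the text
$NewPath = "G:\Tracking"    # target directory used in the text

# Remember the current location before changing it.
$OldPath = "$((Get-TransportServer -Identity $Server).MessageTrackingLogPath)"

# 1. Create the directory if it does not exist yet.
if (-not (Test-Path -LiteralPath $NewPath)) {
    New-Item -ItemType Directory -Path $NewPath | Out-Null
}

# 2. Grant the required permissions, inherited by subfolders and files.
#    Account names are assumptions (English-language Windows).
$inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$none    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$grants  = @(
    @{ Account = "BUILTIN\Administrators";       Rights = "FullControl" },
    @{ Account = "NT AUTHORITY\SYSTEM";          Rights = "FullControl" },
    @{ Account = "NT AUTHORITY\NETWORK SERVICE"; Rights = "Read, Write, DeleteSubdirectoriesAndFiles" }
)
$acl = Get-Acl -Path $NewPath
foreach ($g in $grants) {
    $rights = [System.Security.AccessControl.FileSystemRights]$g.Rights
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $g.Account, $rights, $inherit, $none, $allow
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $NewPath -AclObject $acl

# 3. Point message tracking at the new directory.
Set-TransportServer -Identity $Server -MessageTrackingLogPath $NewPath

# 4. Exchange does not copy existing logs, so copy them manually.
Copy-Item -Path (Join-Path $OldPath "MSGTRK*.log") -Destination $NewPath

# 5. Confirm the setting and review the resulting ACL.
Get-TransportServer -Identity $Server | Format-List Name, MessageTrackingLogPath
(Get-Acl -Path $NewPath).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```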


By default, all Hub Transport, Edge Transport, and Mailbox servers perform extended message tracking, which allows you to perform searches based on message subject lines, header information, sender, and recipient. If you don't want to collect information on potentially sensitive subject lines, you can disable subject line tracking by setting the –MessageTrackingLogSubjectLoggingEnabled parameter of the Set-TransportServer cmdlet to $false, as shown in the following example:

Set-TransportServer -Identity "MailServer16" -MessageTrackingLogSubjectLoggingEnabled $false

Exchange Server continues to write to message tracking logs until a log grows to a specified maximum size, at which point Exchange Server creates a new log and then uses this log to track current messages. By default, the maximum log file size is 10 megabytes (MB). You can change this behavior by setting the –MessageTrackingLogMaxFileSize parameter to the desired maximum file size. You must qualify the desired file size using B for bytes, KB for kilobytes, MB for megabytes, or GB for gigabytes. The following example sets the message log file size to 50 MB:

Set-TransportServer -Identity "MailServer16" -MessageTrackingLogMaxFileSize "50MB"

Exchange Server overwrites the oldest message tracking logs automatically when tracking logs reach a maximum age or when the maximum log directory size is reached. By default, the maximum age is 30 days and the maximum log directory size is 250 MB. You can use the –MessageTrackingLogMaxAge parameter to set the maximum allowed age in the following format:

DD.HH:MM:SS

where DD is the number of days, HH is the number of hours, MM is the number of minutes, and SS is the number of seconds. The following example sets the maximum age for logs to 90 days:

Set-TransportServer -Identity "MailServer16" -MessageTrackingLogMaxAge "90.00:00:00"

You can set the maximum log directory size using the –MessageTrackingLogMaxDirectorySize parameter. As with the maximum log file size, the qualifiers are B, KB, MB, and GB. The following example sets the maximum log directory size to 2 GB:

Set-TransportServer -Identity "MailServer16" -MessageTrackingLogMaxDirectorySize "2GB"

1.2. Searching Through the Tracking Logs

The tracking logs are useful in troubleshooting problems with routing and delivery. In the Exchange Management Shell, you use Get-MessageTrackingLog to search through the message tracking logs. The related syntax is:

Get-MessageTrackingLog [-Start DateTime] [-Server ServerId]
[-End DateTime] {AddtlParams}

{AddtlParams}
[-DomainController DCName] [-EventId {"BadMail" | "Defer" | "Deliver" |
"DSN" | "Expand" | "Fail" | "PoisonMessage" | "Receive" | "Redirect" |
"Resolve" | "Send" | "Submit" | "Transfer"} ] [-InternalMessageId
MessageTrackingLogId] [-MessageId MessageId] [-MessageSubject
Subject] [-Recipients SMTPEmailAddress1, SMTPEmailAddress2,...]
[-Reference ReferenceField] [-ResultSize NumEntriesToReturn]
[-Sender SMTPEmailAddress]

These parameters allow you to search the message tracking logs in several ways:

  • By message ID

  • By sender

  • By recipients

  • By server that processed the messages

  • By event ID

  • By date

  • By message subject

To begin a search, you must specify one or more of the previously listed identifiers as the search criteria. You must also identify a server in the organization that has processed the message in some way. This server can be the sender's server, the recipient's server, or a server that relayed the message.

You set the search criteria using the following parameters:

  • –End Sets the end date and time for the search.

  • –EventID Specifies the ID of the event for which you want to search, such as a RECEIVE, SEND, or FAIL event.

  • –InternalMessageID Specifies the ID of the message tracking log entries for which you want to search.

  • –MessageID Specifies the ID of the message for which you want to search.

  • –MessageSubject Specifies the subject of the message for which you want to search.

  • –Recipients Sets the recipient's SMTP e-mail address or addresses to return.

  • –Reference Specifies the reference field value within the message for which you want to search.

  • –Sender Sets the sender's SMTP e-mail address (listed in the From field of the message) to return.

  • –Server Sets the name of the Transport or Mailbox server that contains the message tracking logs to be searched.

  • –Start Sets the start date and time for the search.

Using the –Start and –End parameters, you can search for messages from a starting date and time to an ending date and time. Using the –Server parameter, you specify the server to search. Consider the following example:

Get-MessageTrackingLog -Start "05/25/2010 5:30AM" -End "05/30/2010 7:30PM" -Server MailServer18 -Sender daved@cpandl.com

In this example, you search for messages sent by DaveD@Cpandl.com between 5:30 A.M. May 25, 2010 and 7:30 P.M. May 30, 2010.


Note:

Keep in mind that only messages that match all of the search criteria you've specified are displayed. If you want to perform a broader search, specify a limited number of parameters. If you want to focus the search precisely, specify multiple parameters.
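When you do not know which server handled a message, the same search can be repeated against every server that keeps tracking logs and merged into one timeline. This is an added example for the Exchange Management Shell, not code from the original text; the subject text is a constructed sample value, and selecting servers with Get-ExchangeServer is this example's own choice.

```powershell
# Search criteria shared by every per-server query (all must match).
$criteria = @{
    Sender         = "daved@cpandl.com"      # sender from the example above
    MessageSubject = "Invoice"               # constructed sample subject text
    Start          = "05/25/2010 5:30AM"
    End            = "05/30/2010 7:30PM"
    ResultSize     = "Unlimited"             # do not truncate the result set
}

# Hub Transport and Mailbox servers both keep message tracking logs.
$servers = Get-ExchangeServer |
    Where-Object { $_.IsHubTransportServer -or $_.IsMailboxServer }

# Run the same search on each server and collect the entries.
$events = foreach ($srv in $servers) {
    Get-MessageTrackingLog -Server $srv.Name @criteria
}

# One timeline across all servers, oldest entry first.
$events | Sort-Object Timestamp |
    Format-Table Timestamp, ServerHostname, EventId, Source, MessageId, Recipients -AutoSize

# Recipients for whom a DELIVER event was logged.
$events | Where-Object { $_.EventId -eq "DELIVER" } |
    ForEach-Object { $_.Recipients } | Sort-Object -Unique
```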


1.3. Reviewing Message Tracking Logs Manually

Exchange Server creates message tracking logs daily and stores them by default in the %ExchangeInstallPath%\TransportRoles\Logs\MessageTracking directory. For US-English, each log file is named by the date on which it was created, using one of these formats:

  • MSGTRKYYYYMMDD-N.log, such as MSGTRK20100325-1.log for the first log created on March 25, 2010.

  • MSGTRKMYYYYMMDD-N.log, such as MSGTRKM20100325-1.log for the first log created on March 25, 2010.

The message tracking log stores each message event on a single line. The information on a particular line is organized by comma-separated fields. Logs begin with a header that shows the following information:

  • A statement that identifies the file as a message tracking log file

  • The version of the Exchange Server that created the file

  • The date on which the log file was created

  • A comma-delimited list of fields contained in the body of the log file

Table 1 summarizes message event fields and their meaning. Not all of the fields are tracked for all message events.

Table 1. Message Tracking Log Fields
LOG FIELD                  DESCRIPTION
Client-hostname            The hostname of the client making the request
Client-ip                  The IP address of the client making the request
Connector-id               The identity of the connector used
Custom-Data                Optional custom data that was logged
Date-Time                  The connection date and time
Directionality             An indication of the source of the message
Event-id                   The type of event being logged, such as Submit
Internal-message-id        The internal identifier used by Exchange to track the message
Message-id                 The message identifier
Message-info               Any related additional information on the message
Message-subject            The subject of the message
Original-client-ip         The IP address for the original client
Original-server-ip         The IP address for the original server
Recipient-address          The e-mail addresses of the message recipients
Recipient-count            The total number of recipients
Recipient-status           The status of the recipient e-mail address
Reference                  The references, if any
Related-recipient-address  The e-mail addresses of any related recipients
Return-path                The return path on the message
Sender-address             The distinguished name of the sender's e-mail address
Server-hostname            The server on which the log entry was generated
Server-ip                  The IP address of the server on which the log entry was generated
Source                     The messaging component for which the event is being logged, such as StoreDriver
Source-context             The context of the event source
Tenant-id                  A tenant identifier
Total-bytes                The total size of the message in bytes

You can view the message tracking log files with any standard text editor, such as Microsoft Notepad. You can also import the message tracking log files into a spreadsheet or a database. Follow these steps to import a message tracking log file into Microsoft Office Excel:

  1. Start Excel 2007 or Excel 2010. Click the Microsoft Office button and then click Open. Use the Open dialog box to select the message tracking log file you want to open. Set the file type as All Files (*.*), select the log file, and then click Open.

  2. The Text Import Wizard starts automatically. Click Next. On the Delimiters list, choose Comma. Click Next and then click Finish.

  3. The log file should now be imported. You can view, search, and print the message tracking log as you would any other spreadsheet.
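The same import can be done in PowerShell by reading the column names from the log's own header, which Exchange writes as lines starting with "#", the field list being the "#Fields:" line. This is an added example, not code from the original text; the function name is hypothetical and the sample log is constructed, using only a subset of the Table 1 fields.

```powershell
# Constructed sample: "#" header lines, then one comma-separated line per
# message event. Every address, host name and value here is made up.
$sample = @'
#Software: Microsoft Exchange Server
#Version: 14.0.0.0
#Log-type: Message Tracking Log
#Date: 2010-03-25T00:00:05.000Z
#Fields: date-time,client-ip,server-hostname,source,event-id,recipient-address,sender-address,message-subject
2010-03-25T09:14:02.101Z,192.0.2.10,MAILSERVER16,SMTP,RECEIVE,user1@example.org,alice@example.com,"Budget, Q2"
2010-03-25T09:14:03.870Z,,MAILSERVER16,STOREDRIVER,DELIVER,user1@example.org,alice@example.com,"Budget, Q2"
2010-03-25T09:20:41.007Z,192.0.2.44,MAILSERVER16,SMTP,RECEIVE,user2@example.org,bob@example.net,Hello
2010-03-25T09:20:41.950Z,,MAILSERVER16,ROUTING,FAIL,user2@example.org,bob@example.net,Hello
'@

function ConvertFrom-TrackingLog {
    param([string[]]$Line)
    # Column names come from the log's own header, not a hard-coded list.
    $fields = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $fields) { throw "No '#Fields:' header line found." }
    $header = ($fields -replace '^#Fields:\s*', '').Split(',')
    # Drop header and blank lines; ConvertFrom-Csv handles quoted commas.
    $Line | Where-Object { $_ -and $_ -notlike '#*' } | ConvertFrom-Csv -Header $header
}

$events = ConvertFrom-TrackingLog -Line ($sample -split "`r?`n")
# For a real file, pass the output of Get-Content for that log instead.

# Event counts by type, then the detail of failed deliveries.
$events | Group-Object 'event-id' | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize
$events | Where-Object { $_.'event-id' -eq 'FAIL' } |
    Format-Table 'date-time', 'sender-address', 'recipient-address', 'message-subject' -AutoSize
```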
