Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Exchange Server 2010 : Managing Logging (part 1) - Managing Connectivity Logging & Managing Protocol Logging

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
5/21/2011 11:44:16 AM

1. Managing Connectivity Logging

Connectivity logs record the connection activity of the outgoing message delivery queues. A connectivity log tracks connection activity from the sending queue to the destination Mailbox server, smart host, or domain. You can use both the EMC and the EMS to configure connectivity logging in Microsoft Exchange Server 2010. However, you must use the EMS to configure size and age restrictions on the connectivity log files.

1.1. Enabling or Disabling Connectivity Logging

Connectivity logging is disabled by default on Hub Transport or Edge Transport servers. To use the EMC to enable connectivity logging or disable it if it has already been enabled, carry out the following procedure:

  1. Open the EMS.

  2. On an Edge Transport server, click Edge Transport. On a Hub Transport server, expand Server Configuration and select Hub Transport.

  3. On the Actions pane, under the Transport server you want to configure, click Properties.

  4. On the Properties page, click the Log Settings tab.

  5. In the Connectivity Log section, shown in Figure 1, either select Enable Connectivity Log to enable connectivity logging or clear Enable Connectivity Log to disable connectivity logging.

    Figure 1. Log settings


  6. Click OK.

You can use the Set-TransportServer cmdlet to enable or disable connectivity logging. For example, the following command enables connectivity logging on the Hub Transport server VAN-EX1:

Set-TransportServer VAN-EX1 -ConnectivityLogEnabled $true

The following command disables connectivity logging on the Edge Transport server DEN-EX2:

Set-TransportServer DEN-EX2 -ConnectivityLogEnabled $false

1.2. Configuring the Location of the Connectivity Log Files

By default, the connectivity log files are stored in the C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\Connectivity directory. You can change this location, but the directory must be local to the Exchange Server 2010 computer.

To use the EMC to change the location of the connectivity log files, carry out the following procedure:

  1. Access the Log Settings tab of the hub or edge server Properties page, as described in the previous procedure, where you enabled or disabled connectivity logging.

  2. In the Connectivity Log section, click Browse next to Connectivity Log Path.

  3. In the Browse For Folder window, browse to the new location where you want to store the connectivity log files. If you want to create a folder, select a parent folder, click Make New Folder, and then type the name of the new folder. After you select or create a folder, click OK to close the Browse For Folder window.

  4. Click OK.

You can also use an EMS command to change the connectivity log file location. For example, the following command changes the location of the connectivity log file to C:\ConnectivityLogFile on the Hub Transport server VAN-EX1:

Set-TransportServer VAN-EX1 -ConnectivityLogPath "C:\ConnectivityLogFile"


Note:

DISABLING CONNECTIVITY LOGGING

If you set the value of the ConnectivityLogPath parameter to $null, this effectively disables connectivity logging. However, this can generate errors, and Microsoft does not recommend the procedure. If you want to disable connectivity logging, you should instead set the value of the ConnectivityLogEnabled parameter to $false, as described previously in this lesson.


1.3. Changing the Maximum Size of Individual Connectivity Log Files and the Connectivity Log Directory

The maximum size for each connectivity log file is by default 10 MB. When a connectivity log file reaches its maximum size, Exchange Server 2010 opens a new log file. This process continues until the connectivity log directory reaches its specified maximum size or a connectivity log file reaches its specified maximum age. After the maximum size or age limit is reached, circular logging deletes the oldest connectivity log files.

If you want to change the maximum size of individual connectivity log files, you need to use the EMS. You cannot use the EMC to perform this function. For example, the following command sets the maximum size of any connectivity log file on the hub server VAN-EX1 to 15 MB:

Set-TransportServer VAN-EX1 -ConnectivityLogMaxFileSize 15MB

Similarly, you can use the EMS but not the EMC to change the maximum size of the connectivity log directory. The default maximum size for the connectivity log directory is 250 MB. Circular logging deletes the oldest connectivity log files when either the connectivity log directory reaches its specified maximum size or a connectivity log file reaches its specified maximum age. The size of individual connectivity log files cannot be larger than the size of the entire directory (in practice, the individual file size will be much less than the directory size). The permitted range for both the individual log file size and the directory size is 1 through 9,223,372,036,854,775,807 bytes.

To change the maximum size of the connectivity log directory on the Hub Transport server VAN-EX1 to 300 MB, you would enter the following command:

Set-TransportServer VAN-EX1 -ConnectivityLogMaxDirectorySize 300MB

1.4. Changing the Maximum Age of the Connectivity Log Files

You can use the EMS but not the EMC to change the maximum age of the connectivity log files. The maximum age for any connectivity log file is 30 days by default. Circular logging deletes the oldest connectivity log files when the connectivity log directory reaches its specified maximum size and deletes a connectivity log file when that file reaches its specified maximum age.

You can specify an age value by entering it as a time span using the format dd.hh:mm:ss. The valid range for the ConnectivityLogMaxAge parameter is 00:00:00 through 24855.03:14:07. Setting the parameter value to 00:00:00 prevents the automatic removal of connectivity log files because they have reached a maximum age, although the oldest files will still be removed if the connectivity log directory reaches its specified maximum size.

The following command changes the maximum age of the connectivity log files on the Hub Transport server VAN-EX1 to 40 days:

Set-TransportServer VAN-EX1 -ConnectivityLogMaxAge 40.00:00:00


2. Managing Protocol Logging

Protocol logging logs the SMTP communication between email servers that occurs as part of message delivery. This traffic, known as SMTP conversations, occurs on Send connectors and Receive connectors configured on computers running Exchange Server 2010 that have the Hub Transport or Edge Transport server role installed.

Protocol logging is disabled on all Send and Receive connectors by default and is enabled or disabled on a per-connector basis. All the Receive connectors on a Hub Transport or Edge Transport server share the same protocol log files and protocol log options. Similarly, all the Send connectors on a Hub Transport or Edge Transport server share the same protocol log files and protocol log options. The Receive connector protocol log files and protocol log options are independent of the Send connector protocol log files and protocol log options on the same server.

By default, the Exchange 2010 server uses circular logging to limit the protocol logs based on file size and file age to help control the hard disk space used by the log files. You can perform the following configuration tasks for the protocol logs of all Send connectors or all Receive connectors on a Transport server:

  • Specify the location of the Send or Receive connector protocol log files.

  • Specify a maximum size for the Send or Receive connector protocol log files. The default size is 10 MB.

  • Specify a maximum size for the directory that contains the Send or Receive connector protocol log files. The default size is 250 MB.

  • Specify a maximum age for the Send or Receive connector protocol log files. The default maximum age is 30 days.

2.1. Configuring the Intraorganization Send Connector

The intraorganization Send connector is a special Send connector that exists on every Hub Transport server. It is implicitly created and invisible and requires no management. The intraorganization Send connector is used to relay messages to Exchange Server 2010 and Exchange Server 2007 Hub Transport servers, to Exchange Server 2003 servers, and to Edge Transport servers in the Exchange organization.

Protocol logging for the intraorganization Send connector is disabled by default. The following EMS command enables protocol logging for the intraorganization Send connector:

Set-TransportServer -IntraOrgConnectorProtocolLoggingLevel Verbose

The following command disables protocol logging for the intraorganization Send connector if this has previously been enabled:

Set-TransportServer -IntraOrgConnectorProtocolLoggingLevel None

If the IntraOrgConnectorProtocolLoggingLevel parameter of the Set-TransportServer cmdlet is set to Verbose, logging occurs in the Send connector protocol logs configured on the Hub Transport server. The information is written to the Send connector protocol log specified by the SendProtocolLog parameter.

2.2. Protocol Log File Structure

The default locations for the protocol log files are as follows:

  • Receive connector protocol log files are located at C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive

  • Send connector protocol log files are located at C:\Program Files\Microsoft\Exchange Server\V14TransportRoles\Logs\ProtocolLog\SmtpSend

The naming convention for log files in each protocol log directory is prefixyyyymmdd-nnnn.log. The variables represent the following information:

  • The variable prefix is SEND for Send connectors or RECV for Receive connectors.

  • The variable yyyymmdd is the UTC date on which the log file was created.

  • The variable nnnn is an instance number that starts at the value of 1 for each day.

Information is written to the log file until the file size reaches its maximum specified value. At this point, a new log file with an incremented instance number opens. Circular logging deletes the oldest log files when the protocol log directory reaches its maximum specified size or when a log file reaches its maximum specified age.

The protocol log files are text files that contain data in CSV format. Each protocol log file has a header that contains the following information:

  • #Software The software that created the protocol log file. Typically, this value is Microsoft Exchange Server.

  • #Version The version number of the software that created the protocol log file. Currently, this value is 14.0.0.0.

  • #Log-Type The log type value, which is either SMTP Receive Protocol Log or SMTP Send Protocol Log.

  • #Date The UTC date-time when the log file was created. This is in the date-time format: yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, ss = second, fff = fractions of a second, and Z signifies Zulu, which is another designation for UTC.

  • #Fields A comma-delimited list of names of the fields used in the protocol log files.

The protocol log stores each SMTP protocol event on a single line. The information stored on each line is organized into fields, separated by commas.

A single SMTP conversation represents the sending or receiving of a single email message. However, this generates multiple SMTP events that cause multiple lines to be written to the protocol log. Multiple SMTP conversations that represent the sending or receiving of multiple email messages can occur simultaneously, which creates interspersed protocol log entries. You need to use the session-id and sequence-number fields to identify protocol log entries by SMTP conversation.

2.3. Analyzing External Message Traffic

Send and Receive connectors handle external messages. Protocol logging records the SMTP conversations that occur between email servers as part of message delivery. If protocol logging is enabled, you can use protocol logs to generate reports on external message traffic. Protocol log files are in CSV format and can be read by report generation software.

You can determine fairly easily how many mailbox-enabled users are configured to use specific client protocols, for example, POP3, IMAP4, and OWA. It is more difficult to discover how much network traffic is being generated by these protocols. This requires a network monitoring tool such as Network Monitor (Netmon.exe).

You can use EMS commands based on the Get-CASMailbox cmdlet to list the client settings on a Client Access server.

You can specify parameters for the Get-CASMailbox cmdlet to get client settings for a single mailbox or for all mailbox-enabled users in an Active Directory OU. Also, the Get-CASMailbox cmdlet supports the Filter parameter, but properties such as OWAenabled and PopEnabled are not filterable. Therefore, you need to capture the client settings details and process the information in the report generation software or use the where-object (?) cmdlet. For example, as mentioned earlier in this lesson, the following command returns the client settings for all the mailboxes that have OWA enabled on the server on which the command runs:

Get-CasMailbox | ? { $_.OWAEnabled -eq $True }

2.4. Using the HTTP Monitoring Service

You can also generate reports specific to the OWA servers in your Exchange organization by using the HTTP Monitoring (HTTPMon) service. Although this utility has been around for some time, it remains a powerful tool for monitoring websites and applications and, in particular, OWA servers. You should be aware that HTTPMon exists, although it is not mentioned in the examination objectives.

HTTPMon can check several websites, OWA servers, or applications simultaneously and export the results to a log file in CSV format or to the Windows Server event log. After you install HTTPMon, you need to run HTTPMon Configuration Manager to configure global settings for your organization and add the OWA servers you want to monitor and for which you need to generate reports. HTTPMon runs a series of tests that generate CSV files that you review and analyze to detect problems with your OWA servers. You can also review the events logged by HTTPMon in Event Viewer.

2.5. Enabling and Disabling Protocol Logging

You can use the EMC or the EMS to enable or disable protocol logging on connectors. The following procedure describes how you enable use the EMC to enable protocol logging on a Hub Transport server:

  1. Open the EMC.

  2. Expand Server Configuration in the Console tree and click Hub Transport.

  3. In the Result pane, select the server that has the Receive connector that you want to modify and then click the Receive Connectors tab.

  4. Click the Receive connector you want to modify.

  5. Under the name of the Receive connector in the Actions pane, click Properties.

  6. On the General tab, use the drop-down box next to Protocol Logging Level to enable or disable protocol logging. Figure 2 shows protocol logging being enabled for the Default VAN-EX2 Receive connector on the VAN-EX2 Transport server.

    Figure 2. Using the EMC to enable protocol logging on a Receive connector


  7. Click OK.

The procedure to enable or disable protocol logging on Send connectors is similar, except that to access Send connectors, you expand Organization Configuration and click Hub Transport. You then click the Send Connectors tab.

You can also use the EMS to enable or disable protocol logging on connectors. For example, to enable protocol logging for the Default VAN-EX2 Receive connector, you would enter the following command:

Set-ReceiveConnector "Default VAN-EX2" -ProtocolLoggingLevel Verbose

To disable protocol logging for the Send connector MySendConnector, you would enter the following command:

Set-SendConnector MySendConnector -ProtocolLoggingLevel None

You can use the EMS but not the EMC to enable or disable protocol logging for the intraorganization Send connector. The following command enables protocol logging for the intraorganization Send connector on the Hub Transport server VAN-EX1:

Set-TransportServer -Identity VAN-EX1 -IntraOrgConnectorProtocolLoggingLevel Verbose

Note:

LOGGING LEVELS

The logging levels for protocol logging are Verbose and None. However, for diagnostic logs used for troubleshooting, you can specify a number of logging levels that control the events that are written to event logs. Diagnostic logging levels are discussed later in this lesson.


2.6. Changing the Location of Protocol Log Files

By default, the Receive connector protocol log files are located at C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive, and the Send connector protocol log files are located at C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend. The directory must be local to the Exchange Server 2010 computer. You can use either the EMC or the EMS to change these locations.

To use the EMC to change the location of the Receive connector protocol log files on a Hub Transport server, carry out the following procedure:

  1. Open the EMC.

  2. In the Console tree, expand Server Configuration and select Hub Transport.

  3. In the Actions pane, click Properties directly under the server name.

  4. Click the Log Settings tab in the Properties dialog box.

  5. In the Protocol Log section, click Browse next to Receive Connector Protocol Log File Path.

  6. In the Browse For Folder window, shown in Figure 3, browse to the new location where you want to store the Receive connector protocol log files. If you want to create a folder, select a parent folder, click Make New Folder, and then type the name of the new folder. After you make your folder selection, click OK to close the Browse For Folder window.

    Figure 3. Browsing to a location for Receive connector protocol log files


  7. Click OK.

To change the location of the Send connector protocol log files on a Hub Transport server, the procedure is similar, except that you click Browse next to Send Connector Protocol Log File Path in the Protocol Log section of the Log Settings tab.

You can also use the EMS to change the location of the Receive connector and Send connector protocol log files and log directories. For example, to set the Receive connector protocol log directory to C:\ProtolcolLogs\Receive on the Hub Transport server VAN-EX1, you would enter the following command:

Set-TransportServer -Identity VAN-EX1 -ReceiveProtocolLogPath C:\ProtocolLogs\Receive


To change the location of the Send connector protocol log files directory to C:\ProtolcolLogs\Send on the Hub Transport server VAN-EX1, you would enter the following command:

Set-TransportServer -Identity VAN-EX1 -SendProtocolLogPath C:\ProtocolLogs\Send



Note:

DISABLING PROTOCOL LOGGING

Setting the value of the SendProtocolLogPath parameter or ReceiveProtocolLogPath parameter to $null disables protocol logging for all Send connectors and all Receive connectors, respectively, on the server. However, if you set either of these parameters to $null when protocol logging is enabled on any Receive connector or any Send connector, including the intraorganization Send connector, this can generate event log errors.

Microsoft therefore recommends that you disable protocol logging using the Set-SendConnector or Set-ReceiveConnector cmdlet to set the ProtocolLoggingLevel parameter to None. You can also use the Set-TransportServer cmdlet to set the IntraOrgProtocolConnectorLoggingLevel parameter to None.


2.7. Configuring the Maximum Size of Protocol Log Files

The maximum size for each protocol log file is 10 MB by default. All Receive connectors on a Transport server share the same protocol log files. All Send connectors on the server share the same protocol log files. However, the log files that the Receive connectors use are not the same as the log files that the Send connectors use.

When a protocol log file reaches its maximum size, a new protocol log file opens. This process continues until either the protocol log directory reaches its specified maximum size or a protocol log file reaches its specified maximum age. After the maximum size or age limit is reached, circular logging deletes the oldest protocol log files.

You can use the EMS but not the EMC to set the maximum size of Receive connector and Send connector protocol log files. For example, to set the maximum size of Receive connector protocol log files to 15 MB on the Hub Transport server VAN-EX1, you would enter the following command:

Set-TransportServer -Identity VAN-EX1 -ReceiveProtocolLogMaxFileSize 15MB

To set the maximum size of Send connector protocol log files to 20 MB on the Edge Transport server DEN-EDGE1, you would enter the following command:

Set-TransportServer -Identity DEN-EDGE1 -SendProtocolLogMaxFileSize 20MB

2.8. Configuring the Maximum Size of the Protocol Log Directory

The maximum size for the whole protocol log directory is 250 MB by default. All Receive connectors on a Transport server share the same protocol log directory, and all Send connectors on a Transport server share the same protocol log directory. However, the Receive protocol directory is not the same directory as the Send protocol log directory. Circular logging deletes the oldest protocol log files when either the protocol log directory reaches its specified maximum size or a protocol log file reaches its specified maximum age.

You can use the EMS but not the EMC to configure the maximum size of the Receive connector protocol log directory and the Send connector protocol log directory. For example, to change the maximum size of the Receive connector protocol log directory to 300 MB on the Hub Transport server VAN-EX2, you would enter the following command:

Set-TransportServer -Identity VAN-EX2 -ReceiveProtocolLogMaxDirectorySize 300MB


To set the maximum size of the Send connector protocol log directory to 400 MB on the Hub Transport server VAN-EX1, you would enter the following command:

Set-TransportServer -Identity VAN-EX1 -SendProtocolLogMaxDirectorySize 400MB


2.9. Configuring the Maximum Age of Protocol Log Files

The maximum age for a protocol log file is 30 days by default. Circular logging deletes the oldest protocol log files if either the protocol log directory reaches its specified maximum size or a protocol log file reaches its specified maximum age.

You can use the EMS but not the EMC to configure the age limit of the Receive connector protocol log files and the Send connector protocol log files. You specify an age value by entering it as a time span in the format dd.hh:mm:ss, where dd = days, hh = hours, mm = minutes, and ss = seconds. The valid input range for this parameter is 00:00:00 through 24855.03:14:07. Setting the value of the ReceiveProtocolLogMaxAge parameter or the SendProtocolLogMaxAge parameter to 00:00:00 prevents the automatic removal of protocol log files because of their age.

For example, to change the age limit of the Receive connector protocol log files to 45 days on Edge Transport server DEN-EDGE2, you would enter the following command:

Set-TransportServer -Identity DEN-EDGE2 -ReceiveProtocolLogMaxAge 45.00:00:00


To set the age limit of the Send connector protocol log files to 40 days on the Hub Transport server VAN-EX2, you would enter the following command:

Set-TransportServer -Identity VAN-EX2 -SendProtocolLogMaxAge 40.00:00:00
Other -----------------
- Windows Server 2003 : Implementing a DNS Name Resolution Strategy
- Windows Server 2003 : Designing a DNS Namespace
- Windows Server 2003 : Determining Name Resolution Requirements
- SharePoint 2010 Central Administration Backup and Restore : Backup,Restore Prerequisites and Considerations
- SharePoint 2010 : An Overview of Backup and Restore Capabilities (part 2) - Granular Backup & Configuration-Only Backup
- SharePoint 2010 : An Overview of Backup and Restore Capabilities (part 1) - Farm Backup and Restore
- Exchange Server 2010 : Generating Reports (part 5) - Using the Microsoft Exchange Best Practices Analyzer (ExBPA) to Create Reports
- Exchange Server 2010 : Generating Reports (part 4)
- Exchange Server 2010 : Generating Reports (part 3) - Testing Mail Flow
- Exchange Server 2010 : Generating Reports (part 2) - Reporting Mailbox Folder Statistics
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server