Windows 7 / Getting Started

Protocol and Connection Logs

Exchange Server 2010 can optionally maintain logs for almost every conversation that takes place between two servers. The exception is end-user MAPI connections - and if you are using Outlook Anywhere, you can get a pretty good feel for those using IIS logs.

There are two primary reasons for enabling protocol and connection logs:

  • Diagnosing and correcting problems
  • Performance reporting

In the case of problem diagnosis, sometimes nothing is better than being able to point at a particular log file and say, ''Yes, you are connecting, but this is what is happening . . . '' And likely, the day will come that your management will want to be able to tell how many messages you have incoming, outgoing, heaviest users, and so forth. OpsMgr provides some of those reports for you, but many third-party utilities are available to produce detailed analysis of the comings and goings of your Exchange servers.

A common theme in all Exchange-generated log files (please note that this does not apply to IIS-generated log files - they follow a different standard) is that each line of the log file is reporting some event. In this case, Event is a fixed field in each log file, and that field will contain one of the characters in Table-9.

Let's take a brief introductory look at each of the protocol logs and what they contain.

IMAP

By default, the IMAP protocol is neither enabled nor running on Exchange Server 2010. To enable the service, run the following PowerShell command:

Set-Service MSExchangeIMAP4 -StartupType Automatic

Table-9: The Events in Protocol Log Files

Character 	Meaning
+ 		A connection is being established to this computer.
- 		A connection has been completed or was disconnected.
> 		A message is being sent outbound.
< 		An inbound message was received.
* 		An informational event has occurred.

However, before you start the service, you may want to review the logon authentication method required. The default method requires TLS to be enabled (that is, IMAP over TLS). While many modern IMAP clients support this, if you simply want to test, you can change that to basic authentication. Here's the PowerShell command for that:

Set-ImapSettings -LoginType PlainTextLogin

And finally, to enable IMAP logging, you execute the follow PowerShell command:

Set-ImapSettings -ProtocolLogEnabled $true

You are now ready to start the IMAP service:

Start-Service MSExchangeIMAP4

With the exception of setting the ProtocolLogEnabled value to $true, all these items can also be done in the appropriate GUI.

IMAP log files are comma-separated-value (CSV) format log files, in plaintext. They are located in C:\Program Files\Microsoft\Exchange Server\V14\Logging\Imap4.

In comparison to the contents of the IMAP log file from prior versions of Exchange, the presence of the Session-id and Sequence-number fields are noteworthy. The session-id value is guaranteed to be unique, and the sequence-number value identifies the order of commands. They are important when you have many users using the service at the same time, as the input and output from the sessions are interleaved in the log files and can be quite confusing.

[Previous] [Contents] [Next]

In this tutorial:

  1. Monitoring and Performance for Exchange Server
  2. Key Performance Monitor Counters
  3. Memory
  4. Processor
  5. Disk
  6. Disk Performance Counters
  7. Active Directory for Exchange Server
  8. Network
  9. MAPI
  10. Using System Center Operations Manager
  11. Modifying Management Pack Objects
  12. Event Logs
  13. Defining a Security Audit Policy
  14. Protocol and Connection Logs
  15. POP
  16. Send and Receive Logs