Send and Receive Logs
While the location of send and receive logs are controlled by the Transport server configuration, whether or not a particular SMTP transaction is logged is controlled by the individual connector that the transaction passes through.
Each receive connector and send connector has a Protocol Logging Level associated with it. That level is either None or Verbose. The default value for the level is None.
You can also easily set the value of the Protocol Logging Level from PowerShell. The PowerShell command would look like this:
Set-ReceiveConnector "Default Win2008R2Ex2010" -ProtocolLoggingLevel Verbose
That command enables protocol logging. To disable protocol logging, use this command:
Set-ReceiveConnector "Default Win2008R2Ex2010" -ProtocolLoggingLevel None
The same ProtocolLoggingLevel parameter exists in Set-SendConnector and uses the same values.
By default, receive connector log files reside in C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive and send connector log files reside in C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend.
The log files generated by the send and receive connectors.
IntraOrg Connector
Here's a final note on connectivity and protocol logging. By default, not all communication is logged - only communication that is either entering or exiting the Exchange organization is logged. Every Hub Transport server has an implicit ''invisible'' bidirectional connector to every other Hub Transport server and Edge Transport server. If you want to see logging for communications across this implicit connector, you have to specifically enable it. And, as the volume of internal traffic may be much higher than external traffic, you may want to keep a close eye on how many system resources are consumed by doing this.
To enable intraorganizational logging, use this command:
Set-TransportServer Win2008R2Ex2010 -IntraOrgConnectorProtocolLoggingLevel verbose
And to disable it:
Set-TransportServer Win2008R2Ex2010 -IntraOrgConnectorProtocolLoggingLevel None
Routing Logs
Exchange Server 2010 does not have a routing engine per se, but it does maintain logs of the known routes to access other Exchange servers and other message destinations. The log files are written four times a day or when the transport services are restarted. By default, the log files are found in C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\Routing.
However, the XML-formatted log file is not particularly easy to follow if you open it in a text editor. In the Exchange Management Console Toolbox work center you'll find the Routing Log Viewer, which will allow you to retrieve these logs and to view information such as servers, connectors, address spaces, and Active Directory site information.
Other Logs
We have not specifically discussed using log files from either IIS or the DNS. However, many facets of Exchange Server 2010 run through IIS:
- Outlook Web App
- Outlook Anywhere
- Exchange Control Panel
- Remote PowerShell
- Exchange ActiveSync
- Exchange Web Services
- Public Folders
- Offline Address Books
- AutoDiscover
To the Exchange administrator, that means IIS logs can be invaluable tools to determine whether users have been able to connect, what errors may have occurred, what security is required, and so forth. The IIS logs can also be mined for performance data (such as how many Outlook Anywhere sessions are occurring, or how many authentication errors are happening) - so do not ignore them in your search for diagnostic data.
Finally, the DNS servers used by your Exchange servers can also maintain log files about DNS queries, how long those queries take to answer, and errors that may occur in answering those queries. From time to time, those log files can help you answer difficult questions about why a particular piece of email could not be received or transmitted.
In this tutorial:
- Monitoring and Performance for Exchange Server
- Key Performance Monitor Counters
- Memory
- Processor
- Disk
- Disk Performance Counters
- Active Directory for Exchange Server
- Network
- MAPI
- Using System Center Operations Manager
- Modifying Management Pack Objects
- Event Logs
- Defining a Security Audit Policy
- Protocol and Connection Logs
- POP
- Send and Receive Logs