11.12 Standard diagnostics

 < Day Day Up > 



The application event log is a rich source of information for an Exchange administrator. Events logged include:

  • Starting and stopping of services

  • Mounting and dismounting of databases

  • Results of background system maintenance, such as database defragmentation

  • Security failures, such as attempts made to log on to a mailbox from an unauthorized account

  • Failures in normal operation

Events in the last category are obviously the most important to be aware of and respond to quickly. Unfortunately, the application event log (the location where these events are written to) normally holds hundreds of events, and it can be difficult to isolate important instances in such a mass of data. Browsing through the event log with the Windows Event Viewer (Figure 11.66) can be very unproductive unless you use a filter (an option from the View menu) to isolate specific events. In this case, we apply a filter to find all instances of event 1207 (which reports how many items in a stosre are past their deleted retention period) and the filter isolates 507 events from 35,176. This is not surprising, because the application event log on this server extends over six months and there are two Stores (Mailbox and Public), each of which logs an event nightly. Even with an applied filter, we still have much data to understand.

click to expand
Figure 11.66: Event Viewer.

Products such as NetIQ or MOM are very useful to system administrators, because they can filter information from many different servers and flag critical errors in an effective manner. If you only have one or two servers to manage, investing in a specialized monitoring product may be a touch expensive, especially if it requires a SQL license, so in this situation you will just have to pay attention to the system event log and check its contents on a regular basis.

Every version of Exchange has added new events to the set that the server logs. Even if you are an experienced administrator, it is a good idea to look through the application event log for a live server and make a note of logged events. The set of events can then become a checklist for administrators to review regularly to ensure that everything is running as expected. It is also helpful if you can come up with a procedure to respond to particular events. As discussed previously, -1018 events are not welcome on any Exchange server, but administrators need to understand what these and other events mean and the steps they should take to address the problem.

11.12.1 Turning up logging

Inevitably, problems do occur during normal operation. When this happens, you can turn up the level of diagnostic logging on a server to force Exchange to capture additional information. Hopefully, a clue to the problem will then turn up in the information recorded in the application event log. Microsoft PSS often ask administrators to turn up logging before attempting to reproduce a problem.

Diagnostics logging is set as a property of a server. As you can see in Figure 11.67, a number of settings for each subsystem can be individually turned up-from "None," the normal level, to "Maximum," which will force the server to record a great deal of information. The default level is somewhat misleading, because it does not really mean that Exchange records no information in the event log. Instead, "None" means that Exchange records details of critical errors but ignores informational events. There are exceptions to this rule, since Exchange does report some informational events even when logging is set to "None." For example, event 701 from the Store reports when a background defragmentation pass has completed for a Mailbox Store; and event 9535 reports how many deleted mailboxes the System Attendant removes from the Store during its regular scan for mailboxes past their retention period.

click to expand
Figure 11.67: Setting diagnostic logging level for a server.

It is great to be able to gather lots of information, but you have to be careful about generating too much data. Only turn up logging when you need to. Exchange records quite enough information in the event log with its default settings, and you do not want to miss something important just because you are not able to spot a significant event among a whole mass of informational messages.



 < Day Day Up > 



Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Administrators Pocket Consultant
ISBN: 0735619786
EAN: 2147483647
Year: 2003
Pages: 188

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net