Message tracking helps administrators monitor the flow of messages out of and into the organization. Because public folder posts are handled similar to email messages, message tracking can also help monitor public folder usage. When message tracking is enabled, Exchange maintains daily logs of messages transported within the organization. Logs are useful for figuring out the status of a message, such as sent, received, or waiting in the queue for delivery. Logs are also useful for troubleshooting delivery and routing problems.
Different message-logging settings can be configured on Exchange servers within the organization. Standard message tracking allows searches for messages by date, time, message ID, sender, or recipient. Extended message tracking allows the same search criteria as standard message tracking, in addition to subject-line information and the capability to search messages based on message stateAll Messages, Frozen, and Retry. Use the following steps to configure message logging:
In ESM, expand the administrative group that contains the server you want to work with. Expand Servers and then right-click the server and select Properties. The server's Properties dialog box will display as shown in Figure 12.1.
Figure 12.1. Configuring message tracking using the server's Properties dialog box.
Select the Enable Message Tracking check box to enable standard logging and message tracking. When prompted, write down the path to the network share noted in the pop-up dialog box; administrators will need to grant read access to the network share for users who will perform message tracking.
If the Enable Message Tracking check box is grayed out, check the server policy object applied to the server; most likely the server is part of a server policy. To resolve, administrators must either enable message tracking on the policy or remove the server from this policy.
Select the Enable Subject Logging and Display check box and then select the Enable Message Tracking check box to enable extended logging and tracking features.
To periodically delete log files, select the Remove Log Files check box. Type a logging interval value between 1 and 99 in the Remove Files Older Than (days) Field. Typically, log files should be kept at least seven days.
Click OK to complete the configuration.
Administrators can now search through the message-tracking logs by specifying the message id, sender, recipient, date, or the message, and also specify the server that processed the messages. The search is performed using the Message Tracking Center and the following steps:
In ESM, navigate the console tree in the left pane and expand the Tools node by double-clicking. Then select Message Tracking Center.
Enter the appropriate search criteria (message id, sender or recipient email address, server name) and then click Find Now to begin the search. Messages matching the criteria will be displayed. Click Stop to cancel message searching.
Select a message to display its message tracking history.
Message-tracking logs can grow large on servers processing many inbound and outbound messages. Be sure adequate hard disk space is available for tracking log files.
Logging Virtual Servers and Diagnostics Logging
Protocol logging allows administrators to track commands sent to virtual servers from client machines. It can be used to help troubleshoot problems with SMTP, HTTP, and NNTP virtual servers, but should not be used to monitor Exchange Server activity. Because protocol logging is resource and process intensive, Exchange Server would have to perform a lot of extra work to log protocol activity. Instead of choosing all the properties to track, specify only those needed for troubleshooting. Administrators can use logging to determine connection errors, server errors, user authentication errors, protocol command errors, and more. By default, protocol logs are written to the %SystemRoot%\System32\LogFiles directory in the format EXYYMMDD.log.
Enabling Protocol Logging
Protocol logging is enabled on each virtual server separately. Whereas HTTP virtual servers are used to track protocol logging for HTTP, OWA, and OMA, SMTP virtual servers are used to track SMTP message submission and transport. To enable protocol logging for SMTP, complete the following steps:
In ESM, expand the administrative group of the server you want to work with. Expand Servers, the server to work with, and then expand Protocols.
Expand the SMTP node and right-click the virtual server to work with and select Properties.
On the General tab, select the check box next to Enable Logging. Select the default log format, W3C Extended Log File Format, unless you're absolutely sure one of the other file formats will fit the logging needs.
Click Properties to display a dialog box. On the General tab, the log time interval can be set. Daily or weekly logs will be sufficient in most cases, so select either Daily or Weekly. Use the Log File Directory field to change where the log files will be stored.
On the Advanced tab, extended logging options are available. Choose additional properties as needed, click OK, and then click OK again to finish configuring.
Enabling Diagnostic Logging
Diagnostic Logging is used to detect Exchange-related performance issues. Unlike protocol tracking logs that are written to separate log files, diagnostic log files are written to the Window event logs and are viewed through the Application option in Event Viewer. Diagnostic logging can affect server performance, so only enable diagnostic logging when trouble shooting performance issues.
Four levels of logging can be set:
None Default level that records only significant events that are written to application, security, and system event logs.
Minimum Used to identify a problem that may exist, but does not pinpoint the problem. Exchange records summary entries for each major task.
Medium Used to gather more information after a problem is identified. Exchange writes summary and detailed entries in the event logs.
Maximum Provides a complete audit trail of every action a service performs. This level severely affects server performance and uses a lot of hard disk space. Monitor hard disk space closely to prevent running out of drive space.
To enable diagnostic logging, perform the following steps:
Identify reported performance problems and determine possible services to troubleshoot.
In ESM, expand the administrative group of the server you want to work with. Expand Servers, right-click the server to work with, and then select Properties.
Click the Diagnostics tab. Use the Services list to select a service(s) to track. The Categories list should show a list of trackable activities, such as replication or authentication.
In the Categories list, select the activity to track and then select an appropriate logging level. Repeat this step to track additional activity categories.
Repeat steps 3 and 4 to track other services. When you're done, click OK to finish.
When finished troubleshooting, be sure to reset the logging level back to None on any tracked services to prevent hard disk space problems.
Remember, if check boxes for settings are grayed out, check the server policy object applied to the server; most likely the server is part of a server policy. To resolve, administrators can disable the policy or remove the server from this policy.
The events are primarily logged in the Application log where key events are recorded by Exchange services. Administrator can access the application through Event Viewer by clicking Start, selecting All Programs or Programs, selecting Administrative Tools, and then pointing to and clicking Event Viewer.