Introduction to Exchange Server 2003 Logs
Logs really will help you troubleshoot virtually any Exchange 2003 problem. The idea of this page is to open your eyes to the numerous types of Exchange logs and where to find them.
Types of Logs in Exchange 2003
Microsoft are not perfect. However, I have always felt that from Windows 3.11 onwards Microsoft provide lots of troubleshooting information by way of logs. The reason that Exchange 2003 has so many logs is that it has so many components. There are database logs for the mailstore, Windows 2003 application logs, protocol logs (e.g. SMTP), performance logs, and virus logs. Unfortunately there is no central location to view all the logs, so you have to explore the \exchsrvr folder, Event Viewer and even the root of the C:\ or D:\ drive.
- Event Viewer – Classic place to start troubleshooting any computer problem
- Diagnostic Logging – If you need more information about Exchange Services
- SMTP 4 Types – W3C Extended, ODBC, Microsoft IIS and NCSA
- SMTP raw logging of commands, e.g. HELO, EHLO, DATA and RCPT
- Setup.log and Exchange Server Setup Progress.log
- Message Tracking
- Transaction Logs (Circular Logging)
- DNS Log – Check DNS for name resolution errors which could result in connectivity problems
Event Viewer: Application Log
Whenever there is an email problem, I try to train myself to look in the Event Viewer earlier, rather than later, in the troubleshooting cycle. So in the case of Exchange 2003, begin with the Application Log. People often say ‘finding the problem is like looking for a needle in a haystack’. My reply is: ‘master Event Viewer’s Filter’. Click on the View menu, choose Filter, and select one of these from the Event Source box.
- MSExchangeAL – Addressing Email
- MSExchangeIS – IIS Access
- MSExchangeSA – Active Directory related
- MSExchangeTransport – SMTP Routing
- POP3Svc
Guy Recommends: SolarWinds’ Log & Event Management Tool
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a malware attack.
Yet perhaps the killer reason why people use LEM is for its compliance capability. With a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.
Event Viewer: System Log
Apply the same technique that I described for the Application log: from the View menu choose Filter, then select one of these from the Event Source box.
- SMTPSVC – SMTP Service
- ClusSvc – Cluster Service
- W3SVC – IIS
- MSExchangeIS Mailbox Store
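The Event Source filter described for the Application and System logs can also be applied from Windows PowerShell, so that repeated errors collapse into one row each. This is an added example, not part of the original page: the source names are the ones listed above, while the 24-hour window, the output columns and the availability of Windows PowerShell 2.0 or later on the server are assumptions.

```powershell
# Added example. Source names are taken from the lists on this page;
# the time window and the output layout are assumptions.
$sourcesByLog = @{
    Application = 'MSExchangeAL', 'MSExchangeIS', 'MSExchangeSA', 'MSExchangeTransport', 'POP3Svc'
    System      = 'SMTPSVC', 'ClusSvc', 'W3SVC', 'MSExchangeIS Mailbox Store'
}
$since = (Get-Date).AddHours(-24)

# Collect only errors and warnings from the listed sources in each log.
$events = @(foreach ($log in $sourcesByLog.Keys) {
    $query = @{
        LogName     = $log
        Source      = $sourcesByLog[$log]
        EntryType   = 'Error', 'Warning'
        After       = $since
        # Get-EventLog reports an error when nothing matches; treat that as "no events".
        ErrorAction = 'SilentlyContinue'
    }
    Get-EventLog @query |
        Select-Object @{ n = 'Log'; e = { $log } }, Source, EntryType, EventID, TimeGenerated
})

# One row per log / source / event ID, most frequent first, with the latest occurrence.
$events |
    Group-Object Log, Source, EventID |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Log';       e = { $_.Group[0].Log } },
        @{ n = 'Source';    e = { $_.Group[0].Source } },
        @{ n = 'EventID';   e = { $_.Group[0].EventID } },
        @{ n = 'EntryType'; e = { $_.Group[0].EntryType } },
        @{ n = 'Latest';    e = { ($_.Group | Sort-Object TimeGenerated -Descending |
                                   Select-Object -First 1).TimeGenerated } } |
    Format-Table -AutoSize
```

The event IDs at the top of the table are the ones worth opening in Event Viewer first.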
Setup.log and Exchange Server Setup Progress.log
Exchange even has two setup logs to help you troubleshoot install problems. These files are created in the root of the drive where the Exchange 2003 binaries are installed; for example, look in C:\ or D:\. These files give valuable reasons why setup failed, for example that it could not extend the schema, or that there were problems overwriting priv1.edb in the MDBDATA folder. I once used the progress log to solve a replication problem when migrating from Exchange 5.5.
Summary of Exchange Server 2003 Logs
When you are troubleshooting Exchange 2003, collect the evidence by going first to the event logs. Explore the numerous places and types of logs that Exchange has to offer. Find out where to turn the logs on and learn how to interpret the output data.