Diagnose and report SMTP server communication with these helpful tools

Most people who use email aren't concerned about the details of email communication because email works—most of the time. When it doesn't work, the task of figuring out why falls to you, the Exchange administrator. SMTP is the Internet protocol that lets email systems communicate with one another. Let's look at options for configuring and using two Exchange 2000 Server SMTP tools: protocol logging and archiving.

SMTP Protocol Logging
Whenever a user makes an SMTP connection to or from your Exchange server, the server establishes an SMTP session, and the two hosts exchange a series of commands, data, and response codes. Figure 1, page 2, shows an example of a typical SMTP dialogue between two computers. The >>> chevrons indicate the commands the sending system issues, and the <<< chevrons indicate the receiving system's response. You can use the log of the two hosts' conversation for diagnostic and reporting purposes.

Enabling SMTP Protocol Logging
Before you configure your server for SMTP protocol logging, you must decide where to store the log files, how long you want to retain the logs, and how much data to record. Earlier Exchange releases required that you configure protocol logging on a per-Internet Mail Service (IMS) or per-Internet Mail Connector (IMC) basis; Exchange 2000 requires that you configure logging on a per-SMTP virtual-server basis.

To configure SMTP protocol logging, open the Microsoft Management Console (MMC) Exchange System Manager snap-in. Right-click the SMTP virtual server and select Properties. In the Properties dialog box, select the General tab, as Figure 2, page 2, shows. Enable logging and select the log file format from one of four options: Microsoft IIS Log File Format, NCSA Common Log File Format, W3C Extended Log File Format, or ODBC Logging.

Selecting ODBC Logging lets you write log data directly to an ODBC-compliant database. If you select this option, you need to manually create a database table to store the log data (use the database software you prefer, such as Microsoft SQL Server or Microsoft Access). A SQL Server template file named logtemp.sql is included in the C:\winnt\system32\inetsrv directory; you can use this file to create the necessary fields in the database table. Configuring IIS for ODBC logging is more complex than configuring IIS for the other three types of logging. For step-by-step instructions, see the Microsoft article "How To Configure ODBC Logging in IIS" (http://support.microsoft.com/default.aspx?scid=kb;en-us;q245243). Although the article mentions Microsoft Internet Information Server (IIS) 4.0, the steps are also valid for Internet Information Services (IIS) 5.0.

After you implement ODBC logging, SMTP logging operation performance is subject to the database's performance. In addition, you must configure and manage the account you use for authentication.

The IIS format, National Center for Supercomputing Applications (NCSA) Common format, and World Wide Web Consortium (W3C) Extended format are text based—in other words, IIS writes the log data to one or more text files on the local system's disks. Each of the three logging formats lets you configure settings that control how large a log file becomes. After you select a log format, click the Properties button on the General tab in the Properties dialog box to display the Extended Logging Properties dialog box that Figure 3 shows. From this dialog box, you can configure sizing options, log location, and other format-specific settings. You can let the text-based logs grow to an unlimited size, or you can configure the rollover options to create new logs hourly, daily, weekly, monthly, or when logs reach a specific size. (You can't configure rollover options for pre-Exchange 2000 SMTP protocol logging.)

You can't use general metrics to determine how quickly a log will grow; logs grow at different rates depending on the level of SMTP traffic that passes through the server and the logging format you select. Whichever format or rollover option you select, periodically purge the accumulating log files. How often you purge the log files depends on the logging partition's free disk space and your organization's record-retention requirements. When the logging partition is full, IIS logging stops until space becomes available. This action doesn't affect processing and message-traffic delivery, but it does affect logging operations. You can use your favorite scripting language and a scheduled task to easily automate the deletion of old log files.

The Extended Logging Properties dialog box lets you specify the log location. The default path is C:\winnt\system\logfiles\smtpsvcn, where n uniquely identifies a virtual server. By default, Exchange has only one SMTP virtual server, so the path is C:\winnt\system\logfiles\smtpsvc1. If you add a second SMTP virtual server, the system will identify the second directory as C:\winnt\system\logfiles\smtpsvc2.

The names of the files in the smtpsvcn directory vary depending on the options you select. For example, if you select the IIS format with monthly log rollover, the log filename will begin with the letters in followed by two digits for the year and two digits for the month (e.g., in0201.log for January 2002). If you select daily W3C Extended logging, the filename will begin with the letters ex followed by six digits for the year, month, and day (e.g., ex020417 for April 17, 2002). The Extended Logging Properties dialog box displays the available naming conventions based on your selection. (For a detailed description of the naming conventions, see the Microsoft article "IIS Log File Naming Syntax" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q242898.)
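The purge the article suggests scheduling, keyed to the two file-naming conventions above, as an added example (not code from the article or from Microsoft). The function names, the `.log` extension on W3C files and the reading of two-digit years as 20xx are assumptions; files with unrecognised names are never touched.

```python
import re
from datetime import date, timedelta
from pathlib import Path

# Naming patterns the article describes: "ex" + YYMMDD (W3C Extended, daily
# rollover) and "in" + YYMM (IIS format, monthly rollover).
PATTERNS = [
    (re.compile(r"^ex(\d{2})(\d{2})(\d{2})\.log$", re.I), True),
    (re.compile(r"^in(\d{2})(\d{2})\.log$", re.I), False),
]

def period_end(name):
    """Return the last day a log file covers, or None if the name is not recognised."""
    for rx, daily in PATTERNS:
        m = rx.match(name)
        if not m:
            continue
        year, month = 2000 + int(m.group(1)), int(m.group(2))  # assumption: 20xx
        try:
            if daily:
                return date(year, month, int(m.group(3)))
            first = date(year, month, 1)
        except ValueError:          # e.g. month 13: not a real log name
            return None
        nxt = (first.replace(day=28) + timedelta(days=4)).replace(day=1)
        return nxt - timedelta(days=1)   # last day of that month
    return None

def purge(log_dir, keep_days, today=None, dry_run=True):
    """Remove logs whose period ended more than keep_days ago; return their names.

    With dry_run=True nothing is deleted, so the list can be reviewed against
    the organization's record-retention requirement first.
    """
    cutoff = (today or date.today()) - timedelta(days=keep_days)
    removed = []
    for p in sorted(Path(log_dir).iterdir()):
        end = period_end(p.name)
        if p.is_file() and end is not None and end < cutoff:
            if not dry_run:
                p.unlink()
            removed.append(p.name)
    return removed
```

Because the decision uses the period encoded in the filename rather than the modification time, the log currently being written is never selected.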


Reader Comments

I have a problem. I have been analyzing the log, but I have some lines blended. I want to know whether the lines in the log come in order?

For example, I have these lines. I want to know which DATA line belongs to which RCPT line; my objective is to know which mail could be sent and which mail couldn't be sent. The lines in the log are:

2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 HELO - +reforma.com 250 0 57 16 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 hotmail.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 HELO - +hotmail.com 250 0 57 16 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 HELO - +reforma.com 250 0 57 16 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 MAIL - +FROM:+<madavila@reforma.com> 250 0 45 33 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 MAIL - +FROM:+<madavila@reforma.com> 250 0 45 33 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 hotmail.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 MAIL - +FROM:+<madavila@reforma.com> 250 0 45 33 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 RCPT - +TO:<madavila@reforma.com> 550 0 52 30 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 RCPT - +TO:<agallego@reforma.com> 550 0 51 29 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 hotmail.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 RCPT - +TO:<madavila@hotmail.com> 550 0 52 30 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 hotmail.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 DATA - - 554 0 0 4 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 DATA - - 250 0 0 4 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 DATA - - 554 0 0 4 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 QUIT - reforma.com 0 0 31 4 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 reforma.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 QUIT - reforma.com 0 0 31 4 0 SMTP - - - - 2003-05-24 17:45:28 10.1.2.14 hotmail.com SMTPSVC1 GRCDEVSQL 10.1.2.14 0 QUIT - hotmail.com 0 15 31 4 0 SMTP - - - -

Thank you very much!

Mario Dávila Rangel
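One way to turn a W3C Extended SMTP log into a per-sender delivery report, as an added example that is not part of the article or of the comment above. The sample log is constructed, the function names are hypothetical, and grouping by client IP plus HELO name is an assumption: the entries carry no session identifier, so two concurrent sessions that share both values cannot be told apart from these fields alone.

```python
from collections import defaultdict

# Constructed sample in W3C Extended layout (not taken from the page).
SAMPLE = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2003-05-24 17:45:28 192.0.2.10 a.example HELO +a.example 250
2003-05-24 17:45:28 192.0.2.20 b.example HELO +b.example 250
2003-05-24 17:45:28 192.0.2.10 a.example MAIL +FROM:<u@a.example> 250
2003-05-24 17:45:28 192.0.2.20 b.example MAIL +FROM:<u@a.example> 250
2003-05-24 17:45:28 192.0.2.10 a.example RCPT +TO:<x@a.example> 250
2003-05-24 17:45:28 192.0.2.20 b.example RCPT +TO:<y@b.example> 550
2003-05-24 17:45:28 192.0.2.20 b.example DATA - 554
2003-05-24 17:45:28 192.0.2.10 a.example DATA - 250
2003-05-24 17:45:28 192.0.2.10 a.example QUIT a.example 0
"""

def parse(text):
    """Yield one dict per entry, named by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def summarize(text):
    """Group entries by (client IP, HELO name), in file order, and record outcomes."""
    groups = defaultdict(lambda: {"accepted": [], "rejected": [], "data": None})
    for e in parse(text):
        g = groups[(e["c-ip"], e["cs-username"])]
        verb, status = e["cs-method"], int(e["sc-status"])
        if verb == "RCPT":
            q = e["cs-uri-query"]
            addr = q[q.find("<") + 1:q.rfind(">")]
            g["accepted" if status < 400 else "rejected"].append(addr)
        elif verb == "DATA":
            g["data"] = status               # reply code of the last DATA seen
    return dict(groups)
```

Reading the column names from the `#Fields:` directive keeps the parser correct when the set of logged fields is changed in the Extended Logging Properties dialog box.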