Exchange 2007 and Message Tracking

A nice feature in Exchange 2007 SP1 is the Message Tracking. Message tracking records the Simple Mail Transfer Protocol (SMTP) transport activity of all messages that are transferred to and from an Exchange 2007 computer that has the Hub Transport, Mailbox, or Edge Transport server role installed. You can use message tracking logs for message forensics, mail flow analysis, reporting, and troubleshooting. In this article I’ll give you some nice tips to configure and fine-tune the message tracking feature.

Remember, by default, message tracking is enabled on all Exchange 2007 computers that have the Hub Transport, Mailbox, or Edge Transport server roles installed.

You can enable or disable the message tracking performing the following steps:

1) Open the Exchange Management Console
2) Open Server Configuration, Hub Transport, Properties on your servername
3) Click on the tab Log Settings       

 mt_01    mt_02    mt_03

You can also configure the message tracking with the Exchange Management Shell. You can use the following command:

Set-TransportServer <Identity> -MessageTrackingLogEnabled <$true | $false>
(For example: Set-TransportServer SRVEXC01 -MessageTrackingLogEnabled $true)
——————————————————————

By default, the place of your message tracking logfiles is the following location:
DriveLetter:\Exchsvr\TransportRoles\Logs\MessageTracking
(For example: E:\Exchsvr\TransportRoles\Logs\MessageTracking
)

You can change this path with the Exchange Management Console, just browse to the new folder, or you can change this path with the Exchange Management Shell with the following command:
Set-TransportServer <Identity> -MessageTrackingLogPath <LocalFilePath>
(For example: Set-TransportServer SRVEXC01 -MessageTrackingLogPath E:\MessageTracking\Logs
)

Note! when you change the message tracking logpath, make sure this folder has the following permissions:
– Administrator: Full Control
– System: Full Control
– Network Service: Read, Write, and Delete Subfolders and Files
——————————————————————

By default, the maximum size for each message tracking log file is 10 MB. When a message tracking log file reaches its maximum size, Exchange 2007 opens a new message tracking log file. This process continues until either of the following conditions is true:
– The message tracking log directory reaches its specified maximum size.
– A message tracking log file reaches its specified maximum age.

After the maximum size or age limit is reached, circular logging deletes the oldest message tracking log files.
By default, the maximum size for the whole message tracking log directory is 250 MB. Circular logging deletes the oldest message tracking log files when either of the following conditions is true:
– A message tracking log file reaches its specified maximum age.
– The message tracking log directory reaches its specified maximum size.
You can change this size with the following command:
Set-MailboxServer <Identity> -MessageTrackingLogMaxDirectorySize <DirectorySize>
(For example: Set-TransportServer SRVEXC01 -MessageTrackingLogMaxDirectorySize 600MB)
——————————————————————

By default, the maximum age for any message tracking log file is 30 days. Circular logging deletes the oldest message tracking log files if either of the following conditions is true:
– The message tracking log directory reaches its specified maximum size.
– A message tracking log file reaches its specified maximum age.
You can change this age with the following command:
Set-TransportServer <Identity> -MessageTrackingLogMaxAge <Age>
(For example: Set-TransportServer SRVEXC01 -MessageTrackingLogMaxAge 90.00:00:00)

 To specify an age value, enter it as a time span, as follows: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds. The valid input range for this parameter is 00:00:00 to 24855.03:14:07. Setting the value of the MessageTrackingLogMaxAge parameter to 00:00:00 prevents the automatic removal of message tracking log of files because of their age.
——————————————————————

To see all the settings of your TransportServer, you can use the following command:
get-transportserver | fl

In the next post I’ll let you see how to use the Exchange Message Tracking for easy tracing some e-mailtraffic.

Leave a Reply

You must be logged in to post a comment.