Summary: Exchange logs help you to investigate a problem or to get information on the monitoring system. In this post, we’ll give you a brief overview of the Exchange logs and discuss how to view the logs in Exchange Server. In addition, you’ll get to know about an Exchange recovery tool that can help in recovering the databases in case any issues arise.
Logs are important when it comes to monitoring or troubleshooting a system. In Exchange Server, there are various logs that you can investigate to get more insights into the problems or even information on the monitoring system to set up the right triggers on the log analysis system. In this post, we are going to discuss the Exchange logs in detail and how to see them in the Exchange Server – be it standalone or Database Availability Group (DAG).
What is Transport Logging?
In Exchange Server, there are six types of logging for the Transport. These are:
- Agent logging
- Connectivity logging
- Message tracking and delivery reports for administrators
- Pipeline tracing
- Protocol logging
- Routing table logging
These provide information about what’s happening in the transport pipeline. Mail flow occurs through the transport pipeline, which is a collection of services, connections, components, and queues that collaborate to route all the messages in the Exchange infrastructure.
All the logs with regards to the Transport service can be found in the TransportRoles folder, under the default installation folder of the Exchange Server.
Agent Logging
Agent logging keeps information of all the actions performed on messages by the antispam transport. Exchange Server has its own antispam service. If you don’t use a third-party service, you can go through this to get more information. These antispam transport agents are enabled by default.
There is a default location for these logs, but the folder is not created until the agent attempts to write information. So, if you are not using the antispam agent in Exchange Server, the folder will not be created. The log can be found at the following locations if you have a Mailbox server.
Front End Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\FrontEnd\AgentLog
Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\Hub\AgentLog
If you have a setup with an Edge Server having the transport service on Edge Transport servers, the location is slightly different as given below.
<ExchangeInstallPath>\TransportRoles\Logs\Edge\AgentLog
Connectivity Logging
In Connectivity logging, you can find the records for outbound message transmission activity which is done by the Transport service in the Exchange Server. The location is relevant to your Exchange Server installation path (as given below) for the Mailbox servers and Edge servers.
Front End Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\FrontEnd\Connectivity
Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\Hub\Connectivity
If you have a setup with an Edge Server having the transport service on Edge Transport servers, the location is slightly different as given below.
<ExchangeInstallPath>\TransportRoles\Logs\Edge\Connectivity
An example of the log is:
Message Tracking and Delivery Reports for Administrators
Message tracking is a detailed report of all the message activity in the Exchange Server. On the other hand, the delivery report is a focused search for message tracking log for messages which were sent to or from a specified mailbox.
<ExchangeInstallPath>\TransportRoles\Logs\MessageTracking
As you can see, the files are differently named for the first part of the file name. This is due to different information being logged. To identify these, follow the below explanation of what the files are and what are these files log.
MSGTRK – Transport Service
MSGTRMD – Mailbox Transport Delivery Service
MSGTRMS – Mailbox Transport Submission Service
If you have a setup with an Edge Server having the transport service on Edge Transport servers, the location is slightly different as given below.
<ExchangeInstallPath>\TransportRoles\Logs\MessageTracking
Pipeline Tracing
In pipeline tracing, you can find snapshots of the email messages before and after these are affected by the transport agents in the transport pipeline. This way you can identify any issues that may arise when a message is transformed after passing through the transport agents.
Front End Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\Hub\PipelineTracing
Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\Mailbox\PipelineTracing
If you have a setup with an Edge Server having the transport service on Edge Transport servers, the location is slightly different as given below.
<ExchangeInstallPath>\TransportRoles\Logs\Edge\PipelineTracking
Protocol Logging
This log holds all the SMTP communication that occurs between the Send and Receive connectors during message delivery.
The log can be found at the following locations if you have a Mailbox server.
Front End Transport Service – Receive Connectors
<ExchangeInstallPath>\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive
Front End Transport Service – Send Connectors
<ExchangeInstallPath>\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpSend
Transport Service – Receive Connectors
<ExchangeInstallPath>\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive
Transport Service – Send Connectors
<ExchangeInstallPath>\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend
If you have a setup with an Edge Server having the transport service on Edge Transport servers, the location is slightly different as given below for the respective connectors.
Receive Connector
<ExchangeInstallPath>\TransportRoles\Logs\Edge\ProtocolLog\SmtpReceive
Send Connector
<ExchangeInstallPath>\TransportRoles\Logs\Edge\ProtocolLog\SmtpSend
Routing Table Logging
The routing table periodically logs snapshots of the routing table that the Exchange Server uses to deliver messages. This will be ideal to identify slowness or network issues when receiving or sending emails.
This log is no longer available from the Exchange Toolbox in newer versions of Exchange and can be found at the following locations.
Front End Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\FrontEnd\Routing
Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\Hub\Routing
Mailbox Transport Service
<ExchangeInstallPath>\TransportRoles\Logs\Mailbox\Routing
The files are separated depending on the file names:
- MDRoutingConfig – Mailbox Transport Delivery Service
- MSRoutingConfig – Mailbox Transport Submission Service
If you have a setup with an Edge Server having the transport service on Edge Transport servers, the location is slightly different as given below.
<ExchangeInstallPath>\TransportRoles\Logs\Edge\Routing
How to Fix Issues?
Fixing issues can be tricky as systems are different and errors can be misleading sometimes. The logs can help the Exchange Server administrator to identify the issue and find a way to fix the problem. There could be issues that point to either configuration or installation problems as well as missing transaction logs, corrupted transaction logs, or even database corruption. The native tools, like ESEUtil, would help in such situations, but these will take a long time to execute.
Use Stellar Repair for Exchange which can drastically reduce the Exchange database recovery process in such situations. It can open multiple Exchange Server files of any version and in any state. You can browse through the data stores and export recovered mailboxes, archives, shared mailboxes, disabled mailboxes, and public folders to PST and other formats. You can easily export directly to a live Exchange Server database. The application offers features such as automatic/manual mailbox mapping, priority mailbox recovery, parallel mailbox recovery for performance, and continuation of export if interrupted.