How to Configure Protocol Logging
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure protocol logging in Microsoft Exchange Server 2007.
Protocol logging records the Simple Mail Transfer Protocol (SMTP) conversations that occur between e-mail servers as part of message delivery. These SMTP conversations occur on Send connectors and Receive connectors that are configured on Exchange 2007 servers that have the Hub Transport server role or the Edge Transport server role installed. You can use protocol logging to diagnose mail flow problems.
By default, protocol logging is disabled on all Send connectors and Receive connectors. Protocol logging is enabled or disabled on a per-connector basis. Other protocol logging options are set on a per-connector type basis for the whole server. All the Receive connectors on a Hub Transport server or an Edge Transport server share the same protocol log files and protocol log options. These protocol log files and protocol log options are separate from the Send connector protocol log files and protocol log options that are on the same server. By default, Exchange 2007 uses circular logging to limit the protocol logs based on file size and file age to help control the hard disk space that is used by the protocol log files.
Before You Begin
To perform the following procedures, the account you use must be delegated the following:
- Exchange Organization Administrator role
To perform the following procedures on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.
Note
Do not modify the Send connectors that are located on an Edge Transport server that is subscribed to the Exchange organization by using the Edge Subscription process. Instead, modify the Send connectors on the Hub Transport server. The change will be replicated to the Edge Transport server when synchronization next occurs.
Enabling or Disabling Protocol Logging on a Receive Connector
By default, protocol logging is disabled on all Receive connectors. Protocol logging can be enabled or disabled individually on each Receive connector.
To use the Exchange Management Console to enable or disable protocol logging on an existing Receive connector
Open the Exchange Management Console, and perform one of the following steps:
To modify an existing Receive connector on an Edge Transport server, in the console tree, select Edge Transport, and then, in the work pane, click the Receive Connectors tab.
To modify an existing Receive connector on a Hub Transport server, expand Server Configuration in the console tree, and select Hub Transport. In the result pane, select the server that has the Receive connector that you want to modify, and then click the Receive Connectors tab.
In the work pane, select the Receive connector to modify.
Under the name of the Receive connector in the action pane, click Properties to open the Properties page.
Click the General tab and use the drop-down box next to Protocol logging level to enable or disable protocol logging. None disables protocol logging, and Verbose enables protocol logging.
After you make your protocol logging selection, click Apply to save changes and remain in the Properties page, or click OK to save changes and exit the Properties page.
To use the Exchange Management Shell to enable protocol logging on a Receive connector
Run the following command:
Set-ReceiveConnector <Identity> -ProtocolLoggingLevel <Verbose | None>
For example, if you want to enable protocol logging for a Receive connector named "Connection from Contoso.com", run the following command:
Set-ReceiveConnector "Connection from Contoso.com" -ProtocolLoggingLevel Verbose
Enabling or Disabling Protocol Logging on a Send Connector
By default, protocol logging is disabled on all Send connectors. Protocol logging can be enabled or disabled individually on each Send connector.
To use the Exchange Management Console to enable or disable protocol logging on an existing Send connector
Open the Exchange Management Console, and perform one of the following steps:
To enable or disable protocol logging for an existing Send connector on an Edge Transport server, in the console tree, select Edge Transport.
To enable or disable protocol logging for an existing Send connector on a Hub Transport server, expand Organization Configuration in the console tree, and select Hub Transport.
In the work pane, click the Send Connectors tab, and select the Send connector to modify.
Under the name of the Send connector in the action pane, click Properties to open the Properties page.
Click the General tab and use the drop-down box next to Protocol logging level to enable or disable protocol logging. None disables protocol logging, and Verbose enables protocol logging.
After you make your protocol logging selection, click Apply to save changes and remain in the Properties page, or click OK to save changes and exit the Properties page.
To use the Exchange Management Shell to enable protocol logging on a Send connector
Run the following command:
Set-SendConnector <Identity> -ProtocolLoggingLevel <Verbose | None>
For example, if you want to enable protocol logging for a Send connector named "Connection to Contoso.com", run the following command:
Set-SendConnector "Connection to Contoso.com" -ProtocolLoggingLevel Verbose
Enabling or Disabling Protocol Logging for the Intra-Organization Send Connector
A special Send connector named the intra-organization Send connector exists on every Hub Transport server. This connector is implicitly created, invisible, and requires no management. The intra-organization Send connector is used to relay messages to the following destinations:
To other Hub Transport servers in the Exchange organization
To Exchange Server 2003 servers in the Exchange organization
To Edge Transport servers in the Exchange organization
By default, protocol logging for the intra-organization Send connector is disabled. You can enable or disable protocol logging for the intra-organization Send connector by using the Set-TransportServer cmdlet.
To use the Exchange Management Shell to enable protocol logging on the intra-organization Send connector on a Hub Transport server
Run the following command:
Set-TransportServer <Identity> -IntraOrgProtocolLoggingLevel <Verbose | None>
For example, if you want to enable protocol logging for the intra-organization Send connector on a Hub Transport server named "Exchange01", run the following command:
Set-TransportServer "Exchange01" -IntraOrgProtocolLoggingLevel Verbose
Configuring the Location of the Protocol Log Files
By default, the Receive connector protocol log files are located at C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpReceive. The directory must be local to the Exchange 2007 computer.
Note
You can configure the location of the Receive connector protocol log files by using the Exchange Management Console only in Microsoft Exchange Server 2007 Service Pack 1 (SP1).
To use the Exchange Management Console to change the location of the Receive connector protocol log files for all Receive connectors on a Hub Transport server or an Edge Transport server in Exchange 2007 SP1
Open the Exchange Management Console. Perform one of the following steps:
On a computer that has the Edge Transport server role installed, select Edge Transport, and then in the action pane, click the Properties link that is directly under the server name.
On a computer that has the Hub Transport server role installed, in the console tree, expand Server Configuration, and select Hub Transport. In the action pane, click the Properties link that is directly under the server name.
In the Properties page, click the Log Settings tab.
In the Protocol log section, click Browse next to Receive connector protocol log file path.
In the Browse for folder window, browse to the new location where you want to store the Receive connector protocol log files. If you want to create a new folder, select a parent folder, click Make New Folder, and then type the name of the new folder. After you make your folder selection, click OK to close the Browse for folder window.
Click Apply to save changes and remain in the Properties page, or click OK to save changes and exit the Properties page.
To use the Exchange Management Shell to change the location of the Receive connector protocol log files for all Receive connectors on a Hub Transport server or an Edge Transport server in Exchange 2007 SP1 or the release to manufacturing (RTM) version of Exchange 2007
Run the following command:
Set-TransportServer <Identity> -ReceiveProtocolLogPath <LocalFilePath>
For example, to set the Receive connector protocol log directory to C:\Receive SMTP Log on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -ReceiveProtocolLogPath "C:\Receive SMTP Log"
By default, the Send connector protocol log files are located at C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpSend. The directory must be local to the Exchange 2007 computer.
Note
You can configure the location of the Send connector protocol log files by using the Exchange Management Console only in Exchange 2007 SP1.
To use the Exchange Management Console to change the location of the Send connector protocol log files for all Send connectors on a Hub Transport server or an Edge Transport server in Exchange 2007 SP1
Open the Exchange Management Console. Perform one of the following steps:
On a computer that has the Edge Transport server role installed, select Edge Transport, and then in the action pane, click the Properties link that is directly under the server name.
On a computer that has the Hub Transport server role installed, in the console tree, expand Server Configuration, and select Hub Transport. In the action pane, click the Properties link that is directly under the server name.
In the Properties page, click the Log Settings tab.
In the Protocol log section, click Browse next to Send connector protocol log file path.
In the Browse for folder window, browse to the new location where you want to store the Send connector protocol log files. If you want to create a new folder, select a parent folder, click Make New Folder, and then type the name of the new folder. After you make your folder selection, click OK to close the Browse for folder window.
Click Apply to save changes and remain in the Properties page, or click OK to save changes and exit the Properties page.
To use the Exchange Management Shell to change the location of the Send connector protocol log files for all Send connectors on a Hub Transport server or an Edge Transport server in Exchange 2007 SP1 or Exchange 2007 RTM
Run the following command:
Set-TransportServer <Identity> -SendProtocolLogPath <LocalFilePath>
For example, to set the Send connector protocol log directory to
C:\Send SMTP Log
on an Exchange 2007 computer named Exchange01, run the following command:Set-TransportServer Exchange01 -SendProtocolLogPath "C:\Send SMTP Log"
Setting the value of the SendProtocolLogPath parameter or ReceiveProtocolLogPath parameter to $null
disables protocol logging for all Send connectors or all Receive connectors on the server. However, setting either of these parameters to $null
when protocol logging is enabled for any Send connector, including the intra-organization Send connector, or Receive connector on the server generates event log errors. The preferred method of disabling protocol logging is to use the Set-SendConnector or SetReceiveConnector cmdlets to set the ProtocolLoggingLevel to None
on each Send connector or Receive connector. Also, you can use the SetTransportServer cmdlet to set the IntraOrgProtocolLoggingLevel to None
.
Changing the location of the protocol log directory does not copy any existing log files from the old directory to the new directory. The new protocol log directory is active almost immediately after the configuration change, but any existing log files are left in the old directory.
The following permissions are required on the protocol log directory:
Administrator: Full Control
System: Full Control
Network Service: Read, Write, and Delete Subfolders and Files
By default, the Microsoft Exchange Transport service uses the security credentials of the Network Service user account to create the new protocol logging directory and apply the correct permissions. If the new protocol log directory does not already exist, and the Network Service account has the rights that are required to create folders and apply permissions at the new location, the new protocol log directory is created, and the correct permissions are applied to the protocol log directory. If the new protocol log directory already exists, the existing folder permissions are not checked. Whenever you move the protocol log directory by using the SendProtocolLogPath or ReceiveProtocolLogPath parameter with the Set-TransportServer cmdlet, it is always a good idea to verify that the new protocol log directory exists and that the new directory has the correct permissions applied to it. If your change to the protocol log directory is not successful, you can create the new protocol log directory and apply the correct permissions to it before you use the SendProtocolLogPath or ReceiveProtocolLogPath parameter with the Set-TransportServer cmdlet.
Configuring the Maximum Size of Each Protocol Log File
By default, the maximum size for each protocol log file is 10 MB. All Receive connectors on the server share the same protocol log files, and all Send connectors on the server share the same protocol log files. When a protocol log file reaches its maximum size, Exchange 2007 opens a new protocol log file. This process continues until either of the following conditions is true:
The protocol log directory reaches its specified maximum size. For more information about how to change the maximum size of the protocol log directory, see "Configuring the Maximum Size of the Protocol Log Directory" later in this topic.
A protocol log file reaches its specified maximum age. For more information about how to change the maximum age for a protocol log file, see "Configuring the Maximum Age for the Protocol Log Files" later in this topic.
After the maximum size or age limit is reached, circular logging deletes the oldest protocol log files.
To use the Exchange Management Shell to change the maximum size of Receive connector protocol log files
Run the following command:
Set-TransportServer <Identity> -ReceiveProtocolLogMaxFileSize <FileSize>
For example, to set the maximum size of Receive connector protocol log files to 20 MB on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -ReceiveProtocolLogMaxFileSize 20MB
To use the Exchange Management Shell to set the size limit of the Send connector protocol log files
Run the following command:
Set-TransportServer <Identity> -SendProtocolLogMaxFileSize <FileSize>
For example, to set the size limit of Send connector protocol log files to 20 MB on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -SendProtocolLogMaxFileSize 20MB
When you enter a value for either parameter, qualify the value with one of the following units:
B
(bytes)KB
(kilobytes)MB
(megabytes)GB
(gigabytes)TB
(terabytes)
Unqualified values are treated as bytes. The value of the ReceiveProtocolLogMaxFileSize parameter must be less than or equal to the value of the ReceiveProtocolLogMaxDirectorySize parameter. The value of the SendProtocolLogMaxFileSize parameter must be less than or equal to the value of the SendProtocolLogMaxDirectorySize parameter. The valid input range for any of these parameters is 1 to 9223372036854775807 bytes.
Configuring the Maximum Size of the Protocol Log Directory
By default, the maximum size for the whole protocol log directory is 250 MB. All Receive connectors on the server share the same protocol log directory, and all Send connectors on the server share the same protocol log directory. Circular logging deletes the oldest protocol log files when either of the following conditions is true:
The protocol log directory reaches its specified maximum size.
A protocol log file reaches its specified maximum age.
Note
By default, the transport logging process has a logging level value of 0 (Lowest). If you want Microsoft Exchange to write an event log entry when circular logging removes a log file, you must change the logging level value of the transport logging process to 5 (Maximum) or 7 (Expert). For more information, see How to Change Logging Levels for Exchange Processes.
To use the Exchange Management Shell to change the maximum size of the Receive connector protocol log directory
Run the following command:
Set-TransportServer <Identity> -ReceiveProtocolLogMaxDirectorySize <DirectorySize>
For example, to set the maximum size of the Receive connector protocol log directory to 400 MB on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -ReceiveProtocolLogMaxDirectorySize 400MB
To use the Exchange Management Shell to change the maximum size of the Send connector protocol log directory
Run the following command:
Set-TransportServer <Identity> -SendProtocolLogMaxDirectorySize <DirectorySize>
For example, to set the maximum size of the Send connector protocol log directory to 400 MB on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -SendProtocolLogMaxDirectorySize 400MB
When you enter a value for either parameter, qualify the value with one of the following units:
B
(bytes)KB
(kilobytes)MB
(megabytes)GB
(gigabytes)TB
(terabytes)
Unqualified values are treated as bytes. The value of the ReceiveProtocolLogMaxFileSize parameter must be less than or equal to the value of the ReceiveProtocolLogMaxDirectorySize parameter. The value of the SendProtocolLogMaxFileSize parameter must be less than or equal to the value of the SendProtocolLogMaxDirectorySize parameter. The valid input range for any of these parameters is 1 to 9223372036854775807 bytes.
Configuring the Maximum Age for the Protocol Log Files
By default, the maximum age for any protocol log file is 30 days. All Receive connectors on the server share the same protocol log files, and all Send connectors on the server share the same protocol log files. Circular logging deletes the oldest protocol log files if either of the following conditions is true:
The protocol log directory reaches its specified maximum size.
A protocol log file reaches its specified maximum age.
Note
By default, the transport logging process has a logging level value of 0 (Lowest). If you want Microsoft Exchange to write an event log entry when circular logging removes a log file, you must change the logging level value of the transport logging process to 5 (Maximum) or 7 (Expert). For more information, see How to Change Logging Levels for Exchange Processes.
To use the Exchange Management Shell to set the maximum age of the Receive connector protocol log files
Run the following command:
Set-TransportServer <Identity> -ReceiveProtocolLogMaxAge <Age>
For example, to set the age limit of the Receive connector protocol log files to 45 days on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -ReceiveProtocolLogMaxAge 45.00:00:00
To use the Exchange Management Shell to set the maximum age of the Send connector protocol log files
Run the following command:
Set-TransportServer <Identity> -SendProtocolLogMaxAge <Age>
For example, to set the age limit of the Send connector protocol log files to 45 days on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -SendProtocolLogMaxAge 45.00:00:00
To specify an age value, enter the value as a time span: dd.hh:mm:ss, where d = days, h = hours, m = minutes, and s = seconds. The valid input range for this parameter is 00:00:00 to 24855.03:14:07. Setting the value of the ReceiveProtocolLogMaxAge parameter or the SendProtocolLogMaxAge parameter to 00:00:00
prevents the automatic removal of protocol log files because of their age.
For More Information
For detailed syntax and parameter information about each command, see the following topics:
For More Information
For more information about protocol logging, see Managing Protocol Logging