SMTP Logging
Logging
SMTP protocol activity provides administrators with a powerful tool
when troubleshooting issues with message delivery. By enabling SMTP
logging, administrators can capture the SMTP conversations with email
servers during message transport. Each Receive and Send connector in an
Exchange Server 2013 environment has the capability of logging SMTP
activity, providing information regarding messaging commands that a
user sends to the Exchange Server 2013 server. This includes, but is
not limited to, such information as IP address, bytes sent, data, time,
protocol, and domain name.
To enable SMTP
protocol logging, administrators must enable the feature on each Send
and Receive connector on each Exchange Server 2013 server where logging
is desired. By default, SMTP logging is disabled on all Send and
Receive connectors.
Configuring SMTP Logging from the Exchange Administration Center
The
configuration of SMTP protocol logging utilizing the Exchange
Administration Center is limited to enabling or disabling the feature.
To enable or disable SMTP protocol logging from the EAC, perform the
following tasks:
1. Log on to the Exchange Administration Center (https://{servername}/ecp).
2. Click Mail Flow from the left window pane.
3. Choose either the Send Connectors or Receive Connectors option on which you want to enable logging.
• For Hub Transport Send connectors—When you click Send Connectors and then click one of the Send connectors on screen, the “Logging” control is in the right pane.
• For Hub Transport Receive connectors—When
you click Receive Connectors, choose a server, and then click one of
the Receive connectors on screen, the “Logging” control is in the right
pane.
• For Edge Transport connectors—On
the Edge Transport server, select Edge Transport in the console tree.
Select the appropriate server in the results pane, and then select the
Receive Connectors or Send Connectors tab in the bottom half of the
results pane. Select the desired connector from those displayed.
4.
After you have selected the appropriate connector, click the Logging On
or Off option, and a pop-up similar to what is shown in Figure 6 will appear to prompt you whether you want to turn on or turn off logging.
Figure 6. Changing logging in the Exchange Administration Center.
Changing the Protocol Log Path
Exchange
Server 2013 allows administrators to specify the location of the Send
and Receive log files. The log files for all Send connectors on a
particular server are in one location, and the log files for all
Receive connectors are in another.
By default, these files are located in the following locations:
• Receive log—C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\{Hub/Mailbox}\ProtocolLog\SmtpReceive
• Send log—C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\{Hub/Mailbox}\ProtocolLog\SmtpSend
To change the default location for these log files, use the following commands in the Exchange Management Shell:
Change log file location for the Receive connectors:
Set-TransportServer <ServerName> -ReceiveProtocolLogPath <LogPath>
Change log file location for the Send connectors:
Set-TransportServer <ServerName> -SendProtocolLogPath <LogPath>
Sample command: To set the Receive SMTP protocol log path for all Receive connectors on Server1 to C:\SMTP Receive Logs, use the following command:
Set-TransportServer Server1 -ReceiveProtocolLogPath "C:\SMTP Receive Logs"
Configuring Log File and Log Directory Maximum Size
To
prevent log files from growing so large that they deplete all available
disk space, Exchange Server 2013 allows administrators to configure
maximum log file and directory sizes. This configuration setting is a
per-server setting and, by default, the maximum directory size is
250MB, whereas the maximum log file size is 10MB. When the maximum file
size is reached, Exchange Server opens a new log file. When the maximum
directory size is reached, Exchange Server overwrites the log files,
starting with the oldest logs first.
To
configure SMTP protocol log directory and file sizes, use the following
commands in the Exchange Management Shell. Be aware, these commands
must be performed for each server that you want to modify. The <DirectorySize> and <FileSize> arguments should be entered as a number followed by one of the following:
• B (bytes)
• KB (kilobytes)
• MB (megabytes)
• GB (gigabytes)
• TB (terabytes)
Change maximum size for Receive SMTP protocol log directory:
Set-TransportServer <ServerName> -ReceiveProtocolMaxDirectorySize <DirectorySize>
Change maximum size for Send SMTP protocol log directory:
Set-TransportServer <ServerName> -SendProtocolMaxDirectorySize <DirectorySize>
Change maximum size for Receive SMTP protocol log files:
Set-TransportServer <ServerName> -ReceiveProtocolMaxFileSize <FileSize>
Change maximum size for Send SMTP protocol log files:
Set-TransportServer <ServerName> -SendProtocolMaxFileSize <FileSize>
Sample
command: To set the maximum size for the Receive SMTP protocol log
directory on Server1 to 1GB, use the following command:
Set-TransportServer Server1 –ReceiveProtocolMaxDirectorySize 1GB
Configuring the Maximum Age for the SMTP Protocol Log
In
addition to having the ability to configure the maximum file and
directory sizes for SMTP protocol logs, administrators can also
configure a maximum age for each SMTP protocol log file. The default
age for all log files is set to 30 days, and any log files that exceed
this age are deleted by Exchange Server.
To change the maximum age of SMTP protocol log files, use the following commands in the Exchange Management Shell. The <Age> argument is entered in the following format: DD.HH:MM:SS, for days, hours, minutes, seconds.
Change maximum age for the Receive SMTP protocol log file:
Set-TransportServer <ServerName> -ReceiveProtocolLogMaxAge <Age>
Change maximum age for the Send SMTP protocol log file:
Set-TransportServer <ServerName> -SendProtocolLogMaxAge <Age>
Sample command: To set the maximum age of the Send SMTP protocol log file on Server1 to 60 days, use the following command:
Set-TransportServer Server1 –SendProtocolLogMaxAge 60.00:00:00
or:
Set-TransportServer Server1 –SendProtocolLogMaxAge 60
