Monday, 1 February 2016

Receive connector logging | Exchange 2013, 2016

Introduction


In this post, we’ll walk through how to enable receive connector logging, where to find the logs, and how to move the receive connector log path.
  • Enable Receive Connector Logging
  • Receive Connector Log Path
  • Change the Receive Connector Log Path and other settings
  • Disable Receive Connector Logging

Enable Receive Connector Logging


To enable receive connector logging for a single receive connector, e.g. Relay 1 on server LITEX01:

Set-ReceiveConnector "LITEX01\Relay 1" -ProtocolLogging Verbose




To enable receive connector logging for all receive connectors on a particular server, e.g. server LITEX01:

Get-ReceiveConnector -Server LITEX01 | Set-ReceiveConnector -ProtocolLogging Verbose




Receive Connector Log Path


If you read the background information on receive connectors here, you’ll see that there are two services involved in email transport and each has its own receive connectors:
  • Front End Transport Service
  • Transport Service

They also each have their own receive connector protocol log path.

Front End Transport Service Receive Connector Log Path


The default for the Front End Transport Service is: "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive"

You can check the Front End Transport Service receive connector log path by running the command below, which outputs the path for the server LITEX01:

Get-FrontendTransportService -Identity LITEX01 | fl ReceiveProtocolLogPath



Transport Service Receive Connector Log Path


The Transport Service receive connector log path is: "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive"

You can check the log path by running this command for server LITEX01:

Get-TransportService -Identity LITEX01 | fl ReceiveProtocolLogPath
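
Once logging is enabled, the files in these folders are comma-separated text with `#`-prefixed header lines, one of which (`#Fields:`) names the columns. The following is an added example, not part of the original post: it summarises, per receive connector, how many sessions were logged, which remote IPs connected, and how many STARTTLS, MAIL FROM and RCPT TO commands were received. The function name `Get-ReceiveLogSummary` is hypothetical and the log lines are constructed sample data.

```powershell
# Added example: summarise SMTP receive protocol log lines per receive connector.
# The lines below are constructed sample data, not output from a real server.
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2016-02-01T09:00:01.100Z,LITEX01\Relay 1,08D32A0000000001,0,192.0.2.10:25,192.0.2.50:50112,+,,
2016-02-01T09:00:01.120Z,LITEX01\Relay 1,08D32A0000000001,1,192.0.2.10:25,192.0.2.50:50112,>,"220 LITEX01 Microsoft ESMTP MAIL Service ready",
2016-02-01T09:00:01.200Z,LITEX01\Relay 1,08D32A0000000001,2,192.0.2.10:25,192.0.2.50:50112,<,EHLO app01,
2016-02-01T09:00:01.300Z,LITEX01\Relay 1,08D32A0000000001,3,192.0.2.10:25,192.0.2.50:50112,<,MAIL FROM:<app@example.com>,
2016-02-01T09:00:01.400Z,LITEX01\Relay 1,08D32A0000000001,4,192.0.2.10:25,192.0.2.50:50112,<,RCPT TO:<user@example.com>,
2016-02-01T09:00:01.900Z,LITEX01\Relay 1,08D32A0000000001,5,192.0.2.10:25,192.0.2.50:50112,-,,Local
2016-02-01T09:05:00.000Z,LITEX01\Default Frontend LITEX01,08D32A0000000002,0,192.0.2.10:25,198.51.100.7:41000,+,,
2016-02-01T09:05:00.100Z,LITEX01\Default Frontend LITEX01,08D32A0000000002,1,192.0.2.10:25,198.51.100.7:41000,<,EHLO mx.example.net,
2016-02-01T09:05:00.200Z,LITEX01\Default Frontend LITEX01,08D32A0000000002,2,192.0.2.10:25,198.51.100.7:41000,<,STARTTLS,
2016-02-01T09:05:00.900Z,LITEX01\Default Frontend LITEX01,08D32A0000000002,3,192.0.2.10:25,198.51.100.7:41000,<,MAIL FROM:<a@example.net>,
2016-02-01T09:05:01.000Z,LITEX01\Default Frontend LITEX01,08D32A0000000002,4,192.0.2.10:25,198.51.100.7:41000,<,RCPT TO:<user@example.com>,
'@ -split '\r?\n'

function Get-ReceiveLogSummary {
    param([string[]]$Line)

    # Take the column names from the log's own "#Fields:" header line.
    $header = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $header) { throw 'No #Fields header found in the supplied lines.' }
    $fields = ($header -replace '^#Fields:\s*') -split ','

    # Drop header/blank lines; ConvertFrom-Csv copes with quoted data containing commas.
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } |
        ConvertFrom-Csv -Header $fields

    $rows | Group-Object 'connector-id' | ForEach-Object {
        # Event "<" marks a command the server received from the remote client.
        $received = $_.Group | Where-Object { $_.event -eq '<' }
        [pscustomobject]@{
            Connector = $_.Name
            Sessions  = @($_.Group.'session-id' | Sort-Object -Unique).Count
            RemoteIPs = @($_.Group.'remote-endpoint' -replace ':\d+$' | Sort-Object -Unique) -join ', '
            StartTls  = @($received | Where-Object { $_.data -match '^STARTTLS' }).Count
            MailFrom  = @($received | Where-Object { $_.data -match '^MAIL FROM:' }).Count
            RcptTo    = @($received | Where-Object { $_.data -match '^RCPT TO:' }).Count
        }
    }
}

Get-ReceiveLogSummary -Line $sample | Format-Table -AutoSize
```

To run it against real data, pass the output of Get-Content for a log file from one of the paths above instead of `$sample`. A connector that never appears in the summary has logged no sessions in that file.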


Change the Receive Connector Log Path and other settings


In this section, we’ll look at how to change the log path and other settings for the Front End Transport Service and the Transport Service.

Front End Transport Service


We can confirm the current settings by running the command below:

Get-FrontEndTransportService -Identity LITEX01 | fl Receive*


Here we can see that logs are stored for a maximum of 30 days, each log file can grow to 10MB and the maximum log directory size is 250MB. The log path is also listed.

There may be some requirements to store receive connector logs for more than 30 days. In this case, you can increase the maximum directory size to 500MB and the maximum age to 60 days using this command:

Set-FrontEndTransportService -Identity LITEX01 -ReceiveProtocolLogMaxAge 60.00:00:00 -ReceiveProtocolLogMaxDirectorySize 500MB


You can also change the log path. For example, this command changes the log path to E:\Logs\Frontend:

Set-FrontEndTransportService -Identity LITEX01 -ReceiveProtocolLogPath E:\Logs\Frontend


New logs are now written to the new path without requiring a restart of any services.

Transport Service


We can confirm the current settings by running the command below:

Get-TransportService -Identity LITEX01 | fl Receive*


Here we can see that logs are stored for a maximum of 30 days, each log file can grow to 10MB and the maximum log directory size is 250MB. The log path is also listed.

There may be some requirements to store receive connector logs for more than 30 days. In this case, you can increase the maximum directory size to 500MB and the maximum age to 60 days using this command:

Set-TransportService -Identity LITEX01 -ReceiveProtocolLogMaxAge 60.00:00:00 -ReceiveProtocolLogMaxDirectorySize 500MB


You can also change the log path. For example, this command changes the log path to E:\Logs\Hub:

Set-TransportService -Identity LITEX01 -ReceiveProtocolLogPath E:\Logs\Hub


New logs are now written to the new path without requiring a restart of any services.

Disable Receive Connector Logging


When you’re done with troubleshooting, you can disable receive connector logging.
To disable receive connector logging for a single receive connector, e.g. Relay 1 on server LITEX01:

Set-ReceiveConnector "LITEX01\Relay 1" -ProtocolLogging None


To disable receive connector logging for all receive connectors on a particular server, e.g. server LITEX01:

Get-ReceiveConnector -Server LITEX01 | Set-ReceiveConnector -ProtocolLogging None



Conclusion


In this post, I’ve demonstrated how to enable receive connector logging, where to find the logs and how to change logging settings such as the log path and the amount of logs that are stored.

6 comments:

  1. Thanks for your amazing blog, it helped me!!


    But I have a question... How could I analyse whether my receive connector is working? I mean, I would like to know if a specific receive connector is receiving messages...

    Could you help me?

    Best Regards from Mexico

  2. Luis,

    The instructions provided here are the answer to your question. Logging will capture inbound connections with information such as source/connecting IP, sender, recipient(s), if TLS is used, etc. This is a good step to determine if relaying senders are reaching the proper server and/or connector and, if so, what response the server is giving them.

  3. Thanks for providing this informative information you may also refer.
    http://www.s4techno.com/blog/2015/12/15/sort-unique-ip-address-from-apache-log/

  4. Hi, I have noticed a strange behaviour on an EX2016 installation: SMTP receive logs are truncated every hour, and a new file is created, even though I have tried all the possible configurations of path, age, max size, etc. The former Exchange 2013 receive SMTP logs are 10MB max and truncate every day. Please help.

  5. I have configured the protocol logging, but nothing shows up in the folder. The setting is verbose and the path is correct. What am I missing?

  6. This is good. Could you please help me in pulling the logs with only specific fields?

    In our SMTP environment (MS Exchange 2010), we gave permission to an AD Security group in the receive connector for sending emails. So new users who want to use the SMTP service will be added to this security group. We have around 1K users that are sending emails. We are able to get the account details from the Receive logs. My requirement is to capture all the email logs with fields - TimeStamp, Client, Sender, Receiver, Message subject, Account, SourceServer ... etc. - into a database so we can calculate the utilization by our customers.

    I could get most of the fields from Get-MessageTrackingLog cmdlet but it doesn't give the authenticated account that was used to send the email. So for this, I have to go check the Receive text logs for the sessionID of the email and then filter the account information. Applied this logic in script and it is running as expected but it's taking loooooong time :-) . I have reduced the execution time of the powershell script by applying conditional scans of the text files but since the servers are used heavily, the speed we get the output is making the script unreliable (to pull 30 mins of emails (~40K emails) is taking 3 hours). Could someone please let me know if there is any command or module that can be used to get the Authenticated account information straight away?

    Thanks for the help in advance.
