
Exchange Server 2007 Management and Maintenance Practices : Auditing the Environment (part 3) - Message Tracking

10/2/2014 9:26:46 PM

3. Message Tracking

Of the auditing techniques available in Exchange, message tracking is by far the least resource-intensive and will likely be the most commonly used by administrators. Because this feature has proven so valuable in previous versions of Exchange, Microsoft has enabled it by default in Exchange 2007. Previously, message tracking was disabled by default, and had to be enabled on a server-by-server basis.

Administrators can use message tracking logs for message forensics, reporting, and troubleshooting, as well as analyzing mail flow in an organization.

Message tracking records the SMTP transport activity of all messages sent to or from any Exchange 2007 Hub Transport, Edge Transport, or Mailbox server.

Message tracking logs cannot be configured by using the Exchange Management Console; all settings must be configured using the Exchange Management Shell.

To perform these procedures on a computer with the Hub Transport or Mailbox server role installed, administrators must be logged on using an account that is a member of the Exchange Administrators group. The account must also be a member of the local Administrators group on that computer. For a computer with the Edge Transport server role installed, administrators must be logged on using an account that is a member of the local Administrators group on that computer.

Enabling or Disabling Message Tracking

As previously stated, by default, message tracking is enabled on all Exchange 2007 computers that deal with message transport. This includes Hub Transport, Edge Transport, and Mailbox servers. Message tracking can prove to be extremely useful, and administrators should avoid disabling the feature unless there are overwhelming reasons. All commands must be run from the Exchange Management Shell.

As in other shell commands, the <Identity> argument is replaced by the server name. To enable the feature, use the $true argument, and to disable it use $false.

To enable or disable message tracking on a Hub Transport or Edge Transport server:

Set-TransportServer <Identity> -MessageTrackingLogEnabled:<$true or $false>

To enable or disable message tracking on a Mailbox server:

Set-MailboxServer <Identity> -MessageTrackingLogEnabled:<$true or $false>

Sample command: To disable message tracking on a Mailbox server named Server1, use the following command:

Set-MailboxServer Server1 -MessageTrackingLogEnabled:$false

Note

If a server has both the Mailbox server role and the Hub Transport server role installed, you can use either the Set-MailboxServer or Set-TransportServer cmdlet.


Changing the Location of Message Tracking Logs

Exchange Server 2007 allows administrators to specify the location of the message tracking logs. The new location becomes effective immediately upon the completion of the command; however, any existing log files are not copied to the new directory—they will remain in the old directory.

By default, these files are located in the C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking directory.

When creating a new directory, the following permissions are required:

  • Administrator: Full Control

  • System: Full Control

  • Network Service: Read, Write, and Delete Subfolders and Files

To change the default location for these log files, use the following commands in the Exchange Management Shell:

Change message tracking log file location for a Hub Transport server or an Edge Transport server:

Set-TransportServer <Identity> -MessageTrackingLogPath <LocalFilePath>

Change message tracking log file location for a Mailbox server:

Set-MailboxServer <Identity> -MessageTrackingLogPath <LocalFilePath>

Sample command: To change the location of the message tracking log to D:\Message Tracking on an Exchange 2007 Hub Transport server named Server1, use the following command:

Set-TransportServer Server1 -MessageTrackingLogPath "D:\Message Tracking"
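
The following is an added example, not part of the original article: it creates the new directory with the three permission entries listed above, changes the path, and then lists the log files left behind in the old directory. It assumes it is run locally on the transport server, that "Administrator" means the local Administrators group, and that removing inherited permissions is acceptable on the target volume.

```powershell
# Added example: run locally on the transport server in the Exchange Management Shell.
$server  = 'Server1'               # server name from the sample command
$newPath = 'D:\Message Tracking'   # path from the sample command

# Remember the current location: existing logs stay there and are not copied.
$oldPath = "$((Get-TransportServer $server).MessageTrackingLogPath)"

if (-not (Test-Path $newPath)) {
    New-Item -Path $newPath -ItemType Directory | Out-Null
}

# The three entries listed in the text. Mapping "Administrator" to the local
# Administrators group is an assumption of this example.
$entries = @(
    @('BUILTIN\Administrators',       'FullControl'),
    @('NT AUTHORITY\SYSTEM',          'FullControl'),
    @('NT AUTHORITY\NETWORK SERVICE', 'Read, Write, DeleteSubdirectoriesAndFiles')
)
$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp   = [System.Security.AccessControl.PropagationFlags]::None
$allow    = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl $newPath
# Optional hardening (assumption, not from the text): stop inheriting from the
# parent folder so that only the entries added below can read the logs.
$acl.SetAccessRuleProtection($true, $false)
foreach ($e in $entries) {
    $rights = [System.Security.AccessControl.FileSystemRights]$e[1]
    $rule   = New-Object $ruleType -ArgumentList $e[0], $rights, $inherit, $noProp, $allow
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $newPath -AclObject $acl

Set-TransportServer $server -MessageTrackingLogPath $newPath

# Verify the setting and the ACL, then list the logs left in the old directory.
Get-TransportServer $server | Format-List Name, MessageTrackingLogPath
(Get-Acl $newPath).Access | Format-Table IdentityReference, FileSystemRights -AutoSize
Get-ChildItem -Path $oldPath -Filter '*.log' | Select-Object Name, LastWriteTime, Length
```

Because the old files are not moved, they still need to be archived or protected in place if they are part of an audit trail.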

Configuring Message Tracking Log File and Log Directory Maximum Size

To prevent log files from growing so large that they deplete all available disk space, Exchange Server 2007 allows administrators to configure maximum log file and directory sizes. This configuration setting is a per-server setting and, by default, the maximum directory size is 250MB, whereas the maximum log file size is 10MB. When the maximum file size is reached, Exchange opens a new log file. When the maximum directory size is reached, Exchange overwrites the log files, starting with the oldest logs first.

To configure message tracking log directory and file sizes, use the following commands in the Exchange Management Shell. Because these are per-server settings, the commands must be run for each server you want to modify. The <DirectorySize> and <FileSize> arguments should be entered as a number followed by one of the following:

  • B (bytes)

  • KB (kilobytes)

  • MB (megabytes)

  • GB (gigabytes)

  • TB (terabytes)

Change maximum size for message tracking log directory on a Hub Transport or Edge Transport server:

Set-TransportServer <Identity> -MessageTrackingLogMaxDirectorySize <DirectorySize>



Change maximum size for message tracking log directory on a Mailbox server:

Set-MailboxServer <Identity> -MessageTrackingLogMaxDirectorySize <DirectorySize>



Change maximum size for individual message tracking log files on a Hub Transport or Edge Transport server:

Set-TransportServer <Identity> -MessageTrackingLogMaxFileSize <FileSize>

Change maximum size for individual message tracking log files on a Mailbox server:

Set-MailboxServer <Identity> -MessageTrackingLogMaxFileSize <FileSize>

Sample command: To set the maximum size for the message tracking log directory on a Hub Transport server named Server1 to 500MB, use the following command:

Set-TransportServer Server1 -MessageTrackingLogMaxDirectorySize 500MB

Configuring the Maximum Age for the Message Tracking Logs

In addition to having the ability to configure the maximum file and directory sizes for message tracking logs, administrators can also configure a maximum age for each message tracking log file. The default age is set to 30 days, and any log files that exceed this age are deleted by Exchange.

To change the maximum age of message tracking log files, use the following commands in the Exchange Management Shell. The <Age> argument is entered in the following format: DD.HH:MM:SS, for Days, Hours, Minutes, Seconds.

Change maximum age for the message tracking log files on a Hub Transport or Edge Transport server:

Set-TransportServer <Identity> -MessageTrackingLogMaxAge <Age>

Change maximum age for the message tracking log files on a Mailbox server:

Set-MailboxServer <Identity> -MessageTrackingLogMaxAge <Age>

Sample command: To set the maximum age of the message tracking log files on an Exchange 2007 Mailbox server named Server1 to 45 days, use the following command:

Set-MailboxServer Server1 -MessageTrackingLogMaxAge 45.00:00:00
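
Because every setting in this section is configured per server, it is easy for one server to end up with tracking disabled or with a shorter retention than the rest. The following added example (not part of the original article) reads the settings back with Get-TransportServer and Get-MailboxServer and flags servers that fall short. The function name Get-TrackingReport and the 30-day minimum are assumptions of this example.

```powershell
# Added example: review message tracking settings on every server returned by
# Get-TransportServer and Get-MailboxServer in the Exchange Management Shell.
$minAge = [TimeSpan]::Parse('30.00:00:00')   # assumed policy: the 30-day default

function Get-TrackingReport($servers, $role) {   # hypothetical helper name
    foreach ($s in $servers) {
        # Parse the DD.HH:MM:SS value so it can be compared as a TimeSpan.
        $age = [TimeSpan]::Parse($s.MessageTrackingLogMaxAge.ToString())

        $issues = @()
        if (-not $s.MessageTrackingLogEnabled) { $issues += 'tracking disabled' }
        if ($age -lt $minAge) { $issues += "retention below $($minAge.Days) days" }

        $row = New-Object PSObject
        $row | Add-Member -MemberType NoteProperty -Name Server  -Value $s.Name
        $row | Add-Member -MemberType NoteProperty -Name Role    -Value $role
        $row | Add-Member -MemberType NoteProperty -Name Enabled -Value $s.MessageTrackingLogEnabled
        $row | Add-Member -MemberType NoteProperty -Name MaxAge  -Value $age
        $row | Add-Member -MemberType NoteProperty -Name MaxDir  -Value "$($s.MessageTrackingLogMaxDirectorySize)"
        $row | Add-Member -MemberType NoteProperty -Name MaxFile -Value "$($s.MessageTrackingLogMaxFileSize)"
        $row | Add-Member -MemberType NoteProperty -Name LogPath -Value "$($s.MessageTrackingLogPath)"
        $row | Add-Member -MemberType NoteProperty -Name Issues  -Value ($issues -join '; ')
        $row
    }
}

# A server holding both roles appears twice; per the note above, either cmdlet
# reads and writes the same setting on such a server.
$report  = @(Get-TrackingReport (Get-TransportServer) 'Transport')
$report += @(Get-TrackingReport (Get-MailboxServer)   'Mailbox')

# Full inventory first, then only the servers that need attention.
$report | Format-Table Server, Role, Enabled, MaxAge, MaxDir, MaxFile -AutoSize
$report | Where-Object { $_.Issues } | Format-Table Server, Role, Issues, LogPath -AutoSize
```

Keep in mind that the directory size limit can remove logs before the maximum age is reached, since Exchange overwrites the oldest files once the directory is full.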