Monday, 1 February 2016

Receive connector logging | Exchange 2013, 2016

Introduction


In this post, we’ll do a walk through on how to enable receive connector logging, where to find the logs or move the receive connector log path.
  • Enable Receive Connector Logging
  • Receive Connector Log Path
  • Change the Receive Connector Log Path and other settings
  • Disable Receive Connector Logging

Enable Receive Connector Logging


To enable receive connector logging for a single receive connector, e.g. Relay 1 on server LITEX01:

Set-ReceiveConnector “LITEX01\Relay 1” -ProtocolLogging Verbose


image_thumb


To enable receive connector logging for all receive connector on a particular server, e.g. server LITEX01:

Get-ReceiveConnector -Server LITEX01 | Set-ReceiveConnector -ProtocolLogging Verbose


image_thumb1


Receive Connector Log Path


If you read the background infromation on receive connectors here, you’ll see that there are two services involved in email transport and each has its own receive connectors:
  • Front End Transport Service
  • Transport Service

They also each have their own receive connector protocol log path.

Front End Transport Service Receive Connector Log Path


The default for the Front End Transport Service is: "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive"

You can check the Front End Transport Service receive connector log path by running the below command which outputs the path for the server LITEX01:

Get-FrontendTransportService -Identity LITEX01 | fl ReceiveProtocolLogPath

image


Transport Service Receive Connector Log Path


The Transport Service receive connector log path is: "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive"

You can check the log path by running this command for server LITEX01:

Get-TransportService -Identity LITEX01 | fl ReceiveProtocolLogPath

image

Change the Receive Connector Log Path and other settings


In this section, we’ll look at how to change the log path and other settings for the Front End Transport Service and the Transport Service.

Front End Transport Service


We can confirm the current settings by running the command below:

Get-FrontEndTransportService -Identity LITEX01 | fl Receive*

image

Here we can see that logs are stored for a maximum of 30 days, each log file can grow to 10MB and the maximum log directory size is 250MB. The log path is also listed.

There may be some requirements to store receive connector logs for more than 30 days. In this case, you can increase the maximum directory size to 500MB and the maximum age to 60 days using this command:

Set-FrontEndTransportService -Identity LITEX01 -ReceiveProtocolLogMaxAge 60.00:00:00 -ReceiveProtocolLogMaxDirectorySize 500MB

image

You can also change the log path. For example, this command changes the log path to E:\Logs\Frontend:

Set-FrontEndTransportService -Identity LITEX01 -ReceiveProtocolLogPath E:\Logs\Frontend

image

New logs are now written to the new path without requiring a restart of any services:

image

Transport Service


We can confirm the current settings by running the command below:

Get-TransportService -Identity LITEX01 | fl Receive*

image

Here we can see that logs are stored for a maximum of 30 days, each log file can grow to 10MB and the maximum log directory size is 250MB. The log path is also listed.

There may be some requirements to store receive connector logs for more than 30 days. In this case, you can increase the maximum directory size to 500MB and the maximum age to 60 days using this command:

Set-TransportService -Identity LITEX01 -ReceiveProtocolLogMaxAge 60.00:00:00 -ReceiveProtocolLogMaxDirectorySize 500MB

image

You can also change the log path. For example, this command changes the log path to E:\Logs\Hub:

Set-TransportService -Identity LITEX01 -ReceiveProtocolLogPath E:\Logs\Hub

image

New logs are now written to the new path without requiring a restart of any services:

image

Disable Receive Connector Logging


When you’re done with troubleshooting, you can disable receive connector logging.
To disable receive connector logging for a single receive connector, e.g. Relay 1 on server LITEX01:

Set-ReceiveConnector “LITEX01\Relay 1” -ProtocolLogging None

image

To disable receive connector logging for all receive connector on a particular server, e.g. server LITEX01:

Get-ReceiveConnector -Server LITEX01 | Set-ReceiveConnector -ProtocolLogging None

image


Conclusion


In this post, I’ve demonstrated how to enable receive connector logging, where to find the logs and how to change logging settings such as the log path and the amount of logs that are stored.

3 comments:

  1. Thanks for your amazing blog, it helped me!!


    But I have a question... How Could I make a analysis if my receive connector is working?, I mean, I would like to know if a specific receive connector is receiving messages...

    Could you help me?

    Best Regards from Mexico

    ReplyDelete
  2. Luis,

    The instructions provided here are the answer to your question. Logging will capture inbound connections with information such as source/connecting IP, sender, recipient(s), if TLS is used, etc. This is a good step to determine if relaying senders are reaching the proper server and/or connector and, if so, what response the server is giving them.

    ReplyDelete
  3. Thanks for providing this informative information you may also refer.
    http://www.s4techno.com/blog/2015/12/15/sort-unique-ip-address-from-apache-log/

    ReplyDelete