SMTP log analysis - tools to use?

Posted on 2014-04-17
Medium Priority
Last Modified: 2016-03-28
Can anyone recommend a tool to analyse SMTP logs.

SMTP log analysis tool recommendations?....

Basically I have a number of large 16,000 line SMTP log(s) containing some errors and some success messages,   I know how to identify the errors and success messages, but I would like a tool where I can quickly highlight the errors in the log file.

Basically there are a large number of failures with inconsistent error message and  we want to extract the email addresses so we can resend the emails now we have resolved the original error.

I can go through the logs by hand but its going to take me a day to go through such a large file,  can anyone recommend any tools or scripts I can use....
Question by:Spikeuk30
  • 2
  • 2
  • 2
  • +2
LVL 46

Expert Comment

by:Sjef Bosman
ID: 40008373
Notepad++ ?

Or, on Linux: simply grep all error lines. There is a Windows version here: http://gnuwin32.sourceforge.net/packages/grep.htm (I've never used it personally).
LVL 14

Expert Comment

ID: 40008510
If you're using Linux,

cat maillog | grep 'error' > error.txt

will dump all errors in your maillog into a nice little file named errors.txt. Note: command example assumes you're in your log directory prior to running the command
LVL 12

Accepted Solution

SreRaj earned 2000 total points
ID: 40008615

Log Parser, and Log Parser Studio created by Exchange Team gives you the option to extract sender/recipient addresses for failed mail transactions from Message Tracking Logs.

Log Parser 2.2 is a command line tool for parsing logs files. It can be downloaded from the following link.


Log Parser Studio is a custom GUI build for LP by Exchange Team and it has 181 queries which is helpful in generating reports and troubleshooting issues related to AD/Exchange. Following is the link to download it.


Path of Messaging Tracking Logs can be found from the following location.

Path for Message Tracking Logs
You could copy MT Logs generated for a day to a local folder and select the MT Logs using 'Chose Log files/folders to query option' in LPS. Then run the query 'Message Tracking: Exchange 2010 - Failures by sender/receiver/direction/status' from LPS Library. This will generate a report of failed mail transactions for the day in a new tab with details like sender, recipient and error.

Generate report from LPS
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!


Author Comment

ID: 40010095
thanks for all your help - i'm almost there....

the smtp logs are not from Exchange - but are raw data smtp logs from a webserver.

I found log parser lizard which looks good , but I think I need to create a query sql of which I have no idea how to do?
LVL 12

Expert Comment

ID: 40012297
Query is almost same as SQL. You could try a query like the following.

SELECT user, time, status FROM '[LOGFILEPATH]'
WHERE status LIKE '%Error%'

More examples of the query syntax can be found in the following URLs.


Author Comment

ID: 40012961
ok i'm getting close, I opened the log file in excel and turned it into a .CSV with columns for IP, date, and description (which contains the errors).

Im trying to create a sql query to search the log file for specific words in the errors:

Im trying to create a SQL query to do the following :

Search log for error message in description column  

when error found check the date column for the row containing the error.

Search all rows and display where their date = the error date

move onto next error...
LVL 46

Expert Comment

by:Sjef Bosman
ID: 40013392
Why not try with grep ??

Expert Comment

by:Naomi Goldberg
ID: 41484930
Users on IT Central Station interested in SMTP log analysis tools have read reviews for Splunk and LogRhythm.

This Systems Application specialist writes that while Splunk can be easier to set up, he highly values Splunk's "performance, scalability and most importantly the innovative way of collecting and presenting data." For the full review: https://www.itcentralstation.com/product_reviews/splunk-review-31982-by-hristo-damyanov

In regards to LogRhythm, this Senior Manager at a Distributed Services company writes, "The solution has significantly reduced the time and effort necessary to manage and review logs and produce reports for regulatory compliance." You can access the full review here: https://www.itcentralstation.com/product_reviews/logrhythm-review-34390-by-scott-reikofski

Hope this helps!

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you in the migration process of your Exchange to Exchange Online? Be aware of customized solutions developed on the transport role on your old Exchange server. They might not be convertible to Exchange Online!
In an Exchange Crossforest migration, the distribution groups can be a very complex operation that would cause loss of time, lots of issues and continued headaches if not solved in a timely manner. I had to do a similar project so I created a sc…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question