Solved

Request assistance in Exchange Log file review on ever increasing C drive on Win 2012r2 Exchange 2013 multi-role server.

Posted on 2014-10-27
6
750 Views
Last Modified: 2014-11-12
Data -
C:\...\V15 folder size - 47 GB
Of this:
Logging folder =25.6 GB
TransportRoles folder = 13 GB
FrontEnd folder = 8 GB

Mail DB and transport logs are located on Mount points and not on C drive
Pagging file is managed by server and is equal to just over RAM size.

Questions -
Are these \V15 folder sizes normal?
What logs can I trim down with Minimal risk if I need to get some space?
What logs (and command) can I easily move to another drive?
How long are these logs saved? Can I safely shorten this time?

Thank you,
0
Comment
Question by:swfwmd2
6 Comments
 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
Exchange logs are truncated by using an Exchange aware backup application.  A full backup will truncate the logs.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
Comment Utility
That is Exchange transaction logs. These aren't transaction logs.
They would appear to be regular logs, logs of activity. Therefore you can delete those whenever you like. You should probably review them first though, particularly the dates.
For example if the logs are only a couple of days old that could indicate the server is being abused.

As for how long the logs are retained for, that is usually set within Exchange.
get-transportservice | select *protocollog* will show you the protocol logs, including the maximum time (30 days is the default).

Whether the logs are bad, depends on many factors. If you have two users sending 10 emails a day, then maybe not. If you have 1000 users send 100 emails a day, then maybe it is fine.
You can move the paths if you wish, however that simply moves new logs, the old ones will stay where they are.

Simon.

Simon.
0
 
LVL 11

Expert Comment

by:hecgomrec
Comment Utility
I just went and check my size for those folders and in total I have about 15GB.

This is for an organization with only 1 CAS and 2 mailbox servers, 85 users and is being running exchange 2013 for the past 8 months.

So depending on your settings this might be normal.  I guess your virtual is running low on hard disk.

As Simon stated you can delete most of the old ones or just move them out of the way or back them up and delete everything to regain your space.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:swfwmd2
Comment Utility
Thank you for your input.
What is the procedure/script to move the location of the future logs? There are several different logs, can they all be moved to a new location?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
No single script. Just change the paths that you can see. I usually follow the same kind of folder structure as they have by default, so they are separated out.
All of the logs can be moved. Not all of the changes take effect immediately, some require service restarts.

Simon.
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 250 total points
Comment Utility
Yes there is a way to do it.

You can do this:

Lets do the fast ones first


Get-TransportServer | foreach {

Set-TransportServer -MessageTrackingLogPath “D:\Exchange\Logs\MessageTracking”
Set-TransportServer -ConnectivityLogPath “D:\Exchange\Logs\Connectivity”
Set-TransportServer -IrmLogPath “D:\Exchange\Logs\IRMLogs”
Set-TransportServer -ReceiveProtocolLogPath “D:\Exchange\Logs\ProtocolLog\SmtpReceive”
Set-TransportServer -RoutingTableLogPath “D:\Exchange\Logs\Routing”
Set-TransportServer -ActiveUserStatisticsLogPath “D:\Exchange\Logs\ActiveUserStats”
Set-TransportServer -ServerStatisticsLogPath “D:\Exchange\Logs\ServerStats”
Set-TransportServer -SendProtocolLogPath “D:\Exchange\Logs\ProtocolLog\SmtpSend”

}

This will move those logs for all the transport servers in your Exchange organization to a specific drive (D:\), so if you have only one server, or you want different target log paths per server, you'll have to type the command in the format:

Get-TransportServer – %servername% {

Set-TransportServer -MessageTrackingLogPath “D:\Exchange\Logs\%servername%\MessageTracking”  .....


}

Where %servername% is your exchange server.

Now for the rest, you'll need to stop Exchange services to release the lock on the logging directory and log files, this mean time down so plan ahead.

Open an elevated administrator command prompt, type:

cd C:\Program Files\Microsoft\Exchange Server\V15

rename logging logging.old

mklink /D C:\Program Files\Microsoft\Exchange Server\V15\Logging > D:\Exchange\Logs

xcopy /E /I logging.old D:\Exchange\logs

This will rename the log directory,  create a link to your new path and copy subdirectories and log files to the new location.

mklink allows Exchange to continue logging to its default directory, but it is really linked to your new path.

Start exchange services and make sure logs are getting updated on the new location; When ready you can delete the “logging.old” directory to reclaim the drive space.


Here is a link to Microsoft TechNet with another way:

http://social.technet.microsoft.com/wiki/contents/articles/22479.move-logging-in-exchange-2013-via-powershell.aspx

Here is the script (L:\ is where your files will be placed, replace as needed):

# ------------------------
# MoveEX2013logs.ps1
# ------------------------
#
# Version 1.0 by KSB
#
# This script will move all of the configurable logs for  Exchange 2013 from the C: drive
# to the L: drive.  The folder sub tree and  paths on L: will stay the same as they were on C:
#
# Get the name of the local computer and  set it to a variable for use later on.

$exchangeservername = $env:computername

# Move the standard log files for  the TransportService to the same path on the L: drive that they were on C:  

Set-TransportService -Identity $exchangeservername  `
-ConnectivityLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\Connectivity" `
-MessageTrackingLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking" `
-IrmLogPath "L:\Program Files\Microsoft\Exchange Server\V15\Logging\IRMLogs" `
-ActiveUserStatisticsLogPath "L:\Program Files\Microsoft\Exchange\Server\V15TransportRoles\Logs\Hub\ActiveUsersStats" `

-ServerStatisticsLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ServerStats" `

-ReceiveProtocolLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive" `

-RoutingTableLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\Routing" `

-SendProtocolLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend" `

-QueueLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\QueueViewer" `

-WlmLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\WLM" `

-PipelineTracingPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\PipelineTracing" `

-AgentLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\AgentLog"

# move the path for  the PERFMON logs from the C: drive to the L: drive

logman -stop ExchangeDiagnosticsDailyPerformanceLog

logman -update ExchangeDiagnosticsDailyPerformanceLog -o "L:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs\ExchangeDiagnosticsDailyPerformanceLog"

logman -start ExchangeDiagnosticsDailyPerformanceLog

logman -stop ExchangeDiagnosticsPerformanceLog

logman -update ExchangeDiagnosticsPerformanceLog -o "L:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\PerformanceLogsToBeProcessed\ExchangeDiagnosticsPerformanceLog"

logman -start ExchangeDiagnosticsPerformanceLog

# Get the details on the EdgeSyncServiceConfig and  store them in a variable for use in setting the path

$EdgeSyncServiceConfigVAR=Get-EdgeSyncServiceConfig

# Move the Log Path using the variable we got

Set-EdgeSyncServiceConfig -Identity $EdgeSyncServiceConfigVAR.Identity -LogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\EdgeSync"

# Move the standard log files for  the FrontEndTransportService to the same path on the L: drive that they were on C:

Set-FrontendTransportService  -Identity $exchangeservername  `

-AgentLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog" `

-ConnectivityLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\Connectivity" `

-ReceiveProtocolLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive" `

-SendProtocolLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpSend"

# MOve the log path for  the IMAP server

Set-ImapSettings -LogFileLocation "L:\Program Files\Microsoft\Exchange Server\V15\Logging\Imap4"

# Move the logs for  the MailBoxServer

Set-MailboxServer -Identity $exchangeservername  `

-CalendarRepairLogPath "L:\Program Files\Microsoft\Exchange Server\V15\Logging\Calendar Repair Assistant" `

-MigrationLogFilePath  "L:\Program Files\Microsoft\Exchange Server\V15\Logging\Managed Folder Assistant"

# Move the standard log files for  the MailboxTransportService to the same path on the L: drive that they were on C:

Set-MailboxTransportService -Identity $exchangeservername  `

-ConnectivityLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\Connectivity" `

-MailboxDeliveryAgentLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\AgentLog\Delivery" `

-MailboxSubmissionAgentLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\AgentLog\Submission" `

-ReceiveProtocolLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\ProtocolLog\SmtpReceive" `

-SendProtocolLogPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\ProtocolLog\SmtpSend" `

-PipelineTracingPath "L:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\PipelineTracing"

# MOve the log path for  the POP3 server

Set-PopSettings -LogFileLocation "L:\Program Files\Microsoft\Exchange Server\V15\Logging\Pop3"

##


Good Luck!!!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
how to add IIS SMTP to handle application/Scanner relays into office 365.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now