Naj Saqi
asked on
Which Exchange Logs should be collected for central logging solution?
Hi,
I am implementing a central logging solution using Elasticsearch, Logstash, and Kibana (ELK Stack). Now, which Exchange 2010 logs should be collected, message tracking, IIS, any other recommendations?
I am implementing a central logging solution using Elasticsearch, Logstash, and Kibana (ELK Stack). Now, which Exchange 2010 logs should be collected, message tracking, IIS, any other recommendations?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the replies. Currently, I am collecting message tracking which is highly recommended. What about IIS logs for OWA. I know Exchange can produce various logs that's why I asked a question in first place for recommendation.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I know Exchange can produce various logs that's why I asked a question in first place for recommendation.yes,but we need to know what your intention is to make appropriate recommendations.
Are you monitoring health, performance, specific issues?
IE what are you looking for?
ASKER
yes,but we need to know what your intention is to make appropriate recommendations.
Are you monitoring health, performance, specific issues?
IE what are you looking for?
Well, it's not for monitoring health performance but for forensic investigation in case of any event.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Steve,
So, I should ship IIS, SmTP. and message tracking logs, right?
So, I should ship IIS, SmTP. and message tracking logs, right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if you want to monitor for general issues, the event log is the best place as Exchange puts most issues in there by default.
if you want to monitor specific things consider the individual logging element from each part of Exchange as noted above.