Which Exchange Logs should be collected for central logging solution?

Hi,

I am implementing a central logging solution using Elasticsearch, Logstash, and Kibana (ELK Stack). Now, which Exchange 2010 logs should be collected, message tracking, IIS, any other recommendations?
A1opus Asked:
Hello World Commented:
Steve Commented:
Depends what you are trying to monitor. There are various logs that Exchange can produce, but they all log a different element.
If you want to monitor for general issues, the event log is the best place, as Exchange puts most issues in there by default.
If you want to monitor specific things, consider the individual logging element from each part of Exchange as noted above.
A1opus Author Commented:
Thanks for the replies. Currently, I am collecting message tracking, which is highly recommended. What about IIS logs for OWA? I know Exchange can produce various logs; that's why I asked a question in the first place for recommendation.
Sudeep Sharma, Technical Designer, Commented:
...........IIS logs for OWA.............
You should if you have an application which can parse the logs and report anything which could cause trouble.
We use Splunk and monitor the IIS OWA logs, as they list the IP addresses connecting, users logging into the server, devices (iPhone & Android) connecting, invalid logins, failed attempts, hacking attempts, etc.

sudeep
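
The kind of per-IP summary described in the comment above can be produced from raw IIS W3C logs before they reach Splunk or ELK. The following Python sketch is an added example, not part of the original thread; the log lines are constructed, and the watched URL prefixes and the use of HTTP 401 as the failed-login signal are assumptions (forms-based OWA logins may be logged with other status codes).

```python
from collections import defaultdict

# Constructed sample lines in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2015-03-01 10:00:01 GET /owa/ alice 198.51.100.20 Mozilla/5.0 200
2015-03-01 10:00:05 POST /Microsoft-Server-ActiveSync/default.eas bob 203.0.113.7 Apple-iPhone5C2/1104.257 401
2015-03-01 10:00:06 POST /Microsoft-Server-ActiveSync/default.eas carol 203.0.113.7 Apple-iPhone5C2/1104.257 401
2015-03-01 10:00:07 GET /owa/ - 203.0.113.7 Mozilla/5.0 401
#Fields: date time c-ip cs-uri-stem sc-status
2015-03-01 11:00:00 198.51.100.20 /ecp/default.aspx 401
2015-03-01 11:00:02 198.51.100.20 /owa/ 401
"""

# Assumption: these URL prefixes cover OWA and ActiveSync on the server.
WATCHED_PREFIXES = ("/owa", "/microsoft-server-activesync")


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # IIS rewrites the header when logging restarts; columns can change.
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # drop truncated or foreign rows
                yield dict(zip(fields, values))


def failed_auth_by_ip(records):
    """Count 401 responses on watched paths per client IP, with users and agents."""
    summary = defaultdict(lambda: {"failures": 0, "users": set(), "agents": set()})
    for rec in records:
        path = rec.get("cs-uri-stem", "").lower()
        if rec.get("sc-status") != "401" or not path.startswith(WATCHED_PREFIXES):
            continue
        entry = summary[rec.get("c-ip", "-")]
        entry["failures"] += 1
        for key, field in (("users", "cs-username"), ("agents", "cs(User-Agent)")):
            if rec.get(field, "-") != "-":  # "-" is the W3C empty-value marker
                entry[key].add(rec[field])
    return dict(summary)


if __name__ == "__main__":
    for ip, info in failed_auth_by_ip(parse_w3c(SAMPLE_LOG)).items():
        print(ip, info["failures"], sorted(info["users"]), sorted(info["agents"]))
```

Because the parser follows each `#Fields:` header, it keeps working when the set of logged columns changes partway through a file; fields that are not enabled in IIS logging simply come back empty in the summary.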
Steve Commented:
I know Exchange can produce various logs that's why I asked a question in first place for recommendation.
Yes, but we need to know what your intention is to make appropriate recommendations.
Are you monitoring health, performance, specific issues?
I.e., what are you looking for?
A1opus Author Commented:
Yes, but we need to know what your intention is to make appropriate recommendations.
Are you monitoring health, performance, specific issues?
I.e., what are you looking for?

Well, it's not for monitoring health performance but for forensic investigation in case of any event.
Steve Commented:
Nice one. In that case, IIS & SMTP logs are definites so you can monitor mailflow & ActiveSync/web access.
Message tracking can be exported via PowerShell, so include those for all internal mailflow too.

A1opus Author Commented:
Thanks Steve,

So, I should ship IIS, SMTP, and message tracking logs, right?
Steve Commented:
Definitely. Would you need a record of the actual messages too? You could use Journalling if you need to, but this can take up a lot of storage, so only do it if you really need it.